
1. Initial (Inherent) Risk Assessment

Once you have clicked on the New button to create a new risk assessment (either Strategic, Operational, or Corporate), the initial risk assessment can be carried out simultaneously.

Info

Note: Project Risks go through an extra step when creating a new risk. Refer to Step 2 for more details.

  • STEP 1: Select the relevant risk register tab accessed via Menu > Risk Management > [e.g. Strategic Risk Register], and click the New button at the top-right corner of the page. Or click on the + new icon from the left-hand Navigation Panel > Risk > [Click on the Register].

The screen will refresh, and the new risk template will be displayed for you to start entering the details to the first Initial/Inherent Risk Assessment tab.

All fields that are mandatory (as set up by your administrator) will be flagged with a red indicator at the left corner of the field.

Info

Note: The visibility of some fields can be controlled by the Risk Manager from the Framework > Risk Settings > Field Configuration area.

  • STEP 2: When creating a project risk assessment, you must first select the project to which the risk directly links. Creating project risks therefore requires an extra step compared to the other risk registers.

Once you have clicked on the New option to create a new project risk, a window will pop up allowing you to search for your project using several filters (Business Unit, Service Profile, and/or Responsible Person). From these filters, the Project dropdown will reduce to show the projects that have been inputted from your Administration area.

Info

Note: For organisations that do not have Camms.Strategy integration, the projects are created and filtered through this section under the Administration section of the Navigation Menu. Please refer to the Administration > Projects section for more information on creating projects if you don’t use our Camms.Strategy software.

For those who do use Camms.Strategy, the actions/projects will come directly from your business planning area.

Once a project has been selected, the fields will display for you to create a new project risk. Fill out the Risk Title and Responsible Person and then click on the Add button. You may add as many risks as you like under the one project from this pop up window.

Once you have added your risks, close the window by clicking on the close icon. From here you will be taken back to the Project Risk Register, where you should now see your risks that you have just entered against your project. Click on the Title (hyperlinked) to enter the risk assessment details and complete the initial risk assessment.

  • STEP 3: Specify the following details.

Info

Note: The Risk Manager/Administrator can activate/deactivate these fields or make these fields mandatory/optional from within Risk Settings. If deactivated, these fields will not show.

Field

Description/Instructions

Mandatory/Optional

Strategic

Operational

Project

Corporate

Risk Details

Active

Sets the Risk as Active or Inactive. Defaults to Active.

Once this is saved, if you need to make the risk Inactive, a user with edit permissions will be able to make this change.

N/A

Info

Note: If an internal setting has been set by Camms Support for editing this risk, only Admins and Risk Managers will be allowed to edit.

Info

Note: If you are on the flexible permission structure, this will be governed by a separate permission configuration.

Risk Code

Enter a code to identify the risk. The risk code along with the risk title will be displayed in the header section of a risk record when accessed.

Info

Note: The Risk Manager can set automatic numbering for this field via Risk Settings. If this is done, the field will appear greyed out.

Mandatory

Apply Template*

*If Applicable

Allows users to select and apply a Risk Template, which auto-populates several fields within the assessment and enables speedy addition of similar risks.

Info

Note: Templates are defined and maintained by the Risk Manager from within the Risk Settings area.

Optional

Confidential

Tick box to define the risk as being confidential.

Info

Note: Once this tick box is checked, a dropdown will display to select the users for whom you wish to mark this risk as confidential.

Optional

Risk Description

Enter a short title to identify the risk by. This title along with the risk code will be displayed in the header section of a risk record when accessed.

Mandatory

Responsibility Centre

Select a Service Profile added by an admin here. This field must be enabled for Strategic/Operational/Project/Corporate Risks to show the Service Profiles linked with the relevant Business Units.

Info

Note: This field can be enabled by Camms Support via an internal setting once it has been requested. 

Optional

Responsible Officer

Assign a Responsible Person who will be responsible for monitoring and reporting on the status of the risk. This will enable a link to this Risk Assessment to display on the designated person’s homepage.
Dropdown shows staff list for selection.

Mandatory

Secondary Responsible Officers

Select a Secondary Responsible Person and click Add to add him/her to the list of Secondary Responsible Officers. Multiple staff members can be selected.
Dropdown shows staff list for selection.

Optional

The Risk Manager can activate this area from within Risk Settings. If deactivated, this grid will not show.

Primary Risk Category

Select one category as the Primary Risk Category.

Info

Note: Categories are defined by a Risk Manager within the Risk Settings page.

Mandatory

Primary Risk Sub Categories

Select Risk Sub Categories (based on the primary category).
See title Primary Risk Sub Categories below for more details.

Optional

Secondary Risk Categories

Select Secondary Risk Categories here.
See title Secondary Risk Categories below for more details.

Optional

Causes

Any Causes that contribute to this risk can be noted here. A Risk Manager can toggle the visibility of this field to make it appear in the Initial, Current, and/or Future Risk Assessments via Risk Settings.

Info

Note: Causes will be ordered chronologically in an ascending order (i.e. oldest item first and recent item last).


The Risk Manager can decide if this field is mandatory or optional based on the configurations in the Field Configuration area.

This can be either set to be a grid or a text field. Please contact CAMMS to change the current set up if required.


Consequences

Any Impact/Consequences that arise from this risk can be noted here. A Risk Manager can toggle the visibility of this field to make it appear in the Initial, Current, and/or Future Risk Assessments via Risk Settings.

Info

Note: Consequences will be ordered chronologically in an ascending order (i.e. oldest item first and recent item last).

Consequences Criteria Selection

Select a consequence rating by clicking the Select button. A pop-up window will open in which you can select the consequences based on the category description. This is called the consequence table, and it helps you identify the ‘consequence of the risk’.
Users can simply click the relevant cell to select a consequence. This grid is defined and maintained by the Risk Manager from within Risk Settings.

Mandatory

Likelihood Criteria Selection

Select a Likelihood by clicking on the Select button. A pop-up window will open in which you can select a likelihood based on a description that helps you identify it.

Info

Note: The Likelihood list is defined by the Risk Manager within Risk Settings.
Users can simply click the relevant cell to select a Likelihood. This grid is defined and maintained by the Risk Manager from within Risk Settings.

Mandatory

Organisation Links

Create linkages for the risk with hierarchies (Organisation hierarchy only).

Optional

The Risk Manager can decide if this field is visible or not and mandatory or optional based on the configurations in the Field Configuration area.

Add/Edit Links

Create linkages for the risk with other entities (risks, hierarchies, incidents, audits, findings, recommendations, KPI/KRIs, compliance requirements, authority documents and policies). This list will be based on the modules enabled for you in the database.

Optional

The Risk Manager can decide if this field is visible or not and mandatory or optional based on the configurations in the Field Configuration area.

Add to Business/Strategic Plan

Create linkages between risks and the organisation and planning hierarchies, and create new actions in Camms.Strategy via a risk. This will be activated via a setting.

Optional

The button Add to Business/Strategic Plan will be shown to all users with access.

Info

Strategic: Can only link to the Planning hierarchy

Operational: Can link to both Organisation and Planning hierarchies

Project: Can only link to the Organisation hierarchy

Corporate: Can only link to the Planning hierarchy

1.1 Heatmap within Assessment Tabs

A heatmap will be displayed within all three assessment tabs based on the criteria selection.

  • The bubbles within the heatmap will denote the assessment ratings (Black: Future, White: Residual/Current, Grey: Inherent/Initial).

  • When you hover over a square, its likelihood, consequence, and rating will be displayed as tooltip text.

Info

Note: The X and Y coordinates displayed in the heatmap will not be editable and will not be considered from the sort order in the Risk Settings > Criteria page as of now. 

1.2 Primary Risk Sub Categories

This multi-select dropdown will let you select sub risk categories of the selected primary risk category in the risk assessment tab.

This dropdown can be made visible with the below configuration:

  • For all risk types, set as 'Visible' in the Field Configuration page (accessed via Menu > Framework > Risk Settings > Field Configuration > Sub Categories and Secondary Categories).

  • If the field is made visible for the Revised/Current and Future assessment tabs, the categories will display as an un-editable label.

1.3 Secondary Risk Categories

This multi-select dropdown will let you select secondary risk categories in the risk assessment tab.

1.4 Controls

Controls can be accessed within a Risk record in the Risk Assessment tab. Click the Add New button under the section where Controls are listed. This will direct you to the 'Controls Record Detail' page in a popup window.

Info

Note: See article Control Management under title 'Control Record Details' for more information on this area.

  • STEP 4: Click the Save button to save the initial risk assessment.

Every risk created will automatically default to ‘Active’. You can deselect this if required. After saving, an image will appear which shows the Calculated Risk Rating.

Info

Note: The highlighted Risk Rating is auto-generated once you have saved the initial/inherent risk assessment. The rating is calculated based on the calculations set by your administrator.

1.5 Copy & Move

When Risk Aggregation is enabled in Risk Settings, this button allows users to efficiently duplicate or relocate risk-related information.

Info

To enable this feature, navigate to Risk Settings > Risk Aggregation and activate the Risk Aggregation option. Once enabled, the aggregation feature can be accessed via the Risk Details > Copy/Move button.

Choose the Risk Type and Category for the copied risk. The selected Categories and hierarchy nodes will populate in the copied risk. You can select multiple hierarchy nodes, resulting in a copy of the risk for each selected node. Additionally, an automated linkage will be established, visible within the 'Links' tab of the copied risk.

Info

Note: When you copy a risk by selecting three hierarchy nodes, it creates three separate risks, each linked to its respective hierarchy node.

1.6 Creating a Risk as a Draft for Approval

You can configure a risk to be created as a draft and submitted for approval to the responsible person, prior to it being active. To do so:

  • STEP 1: The setting 'Enable Risk SignOff process (Risk Approvals)' must be enabled via Administration > Configuration > Enable Risk SignOff process (Risk Approvals).

  • STEP 2: In the risk assessment tab, once you have completed filling in the risk details, click on the Under Review button at the top of the page.

  • STEP 3: Once the risk is created, it will be in a 'Draft' approval status. Once a 'Draft' risk is submitted, it will display a 'Submitted' approval status and will be assigned to the Responsible Person in the Risk Register.

  • STEP 4: If the submitted risk is rejected by the responsible person, the approval status will be 'Rejected' and go back to a 'Draft' state when edited.

  • STEP 5: If the submitted risk was approved by the responsible person, the approval status will be 'Approved'.

Info

Note: See article Risk Approval for more details on the administrative side and workflow of an approval process.

1.7 Add to Business/Strategic Plan

This allows a risk to be linked to either the planning or the organisation hierarchy. The hierarchies available for linking depend on the risk type. For strategic and corporate risks, only the planning (strategic) hierarchy will be available for linking, whereas for operational risks both planning and organisation hierarchies are available. Only the organisation hierarchy will be available for project risks.

The list of hierarchies will be shown on the left-hand side, with a list of all risks, risk treatment actions and control solutions on the right-hand side. Control solutions will be marked by a red superscript 'c' against the solution title for easy identification. A linkage can be made simply by dragging the risk, risk treatment action or control solution you wish to link with a hierarchy node from the list onto the node name. Once a linkage is made successfully, clicking on either the node or the linked item will show all linkages in the area in the middle of the screen. The linkages can also be deleted by a user with edit permissions to the area.

You can also expand the hierarchy tree up to the action/task level and link a risk treatment action with a Camms.Strategy action/task from here. If there is no existing planning action, you can add the risk treatment action as a new action/task.

When this is done, a new action/task with the same details as the treatment action will be created in the Camms.Strategy product. The two actions will behave independently despite the linkage, but the progress information can be made to synchronise if required. The latter is enabled via a setting. Please contact Camms support if you wish to enable this feature.

When you have completed entering and saved all the information for your Initial Assessment you can go on to assess the Current Risk by clicking on Next. Or click the Current/Residual Risk Assessment tab on top. Note that these buttons will only be active once you have saved the Initial/Inherent Risk Assessment.

Initial Assessments for all four types of risks are conducted in the same way.

Info

Note: If you have set up all your criteria for the Initial Risk Assessment to be non-mandatory, you can navigate and carry out the next risk assessments even without filling out and completing the initial risk assessment. This applies to all risk assessments.
