Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 32 Current »

This article contains:

1. Initial (Inherent) Risk Assessment

Once you have clicked on the New button to create a new risk assessment (either Strategic, Operational, or Corporate), the initial risk assessment can be carried out simultaneously.

Note: Project Risks go through an extra step when creating a new risk. Refer Step 2 for more details.

  • STEP 1: Select the relevant risk register tab accessed via Menu > Risk Management > [e.g. Strategic Risk Register], and click the New button at the top-right corner of the page. Or click on the + new icon from the left-hand Navigation Panel > Risk > [Click on the Register].

The screen will refresh, and the new risk template will be displayed for you to start entering the details to the first Initial/Inherent Risk Assessment tab.

All fields that are mandatory (as setup by your administrator) will be flagged with a red indicator at the left corner of the field.

Note: The visibility of some fields can be controlled by the Risk Manager from Framework > Risk Settings > Field Configuration  area.

  • STEP 2: When creating a project risk assessment, you must select a project which the risk directly links to first. Therefore there is an extra step that is needed to be taken when creating project risks, compared to the other risk registers.

Once you have clicked on the New option to create a new project risk, a window will popup allowing you to search for your project using several filters (Business Unit, Service Profile, and/or Responsible Person). From these filters, the Project dropdown will reduce to show the projects that have been inputted from your Administration area.

Note: For organisations that do not have Camms.Strategy integration, the projects are created and filtered through this section under the Administration section of the Navigation Menu. Please refer to the Administration > Projects section for more information on creating projects if you don’t use our Camms.Strategy software.

For those who do use Camms.Strategy, the actions/projects will come directly from your business planning area.

Once a project has been selected, the fields will display for you to create a new project risk. Fill out the Risk Title and Responsible Person and then click on the Add button. You may add as many risks as you like under the one project from this pop up window.

Once you have added your risks, close the window by clicking on the close icon. From here you will be taken back to the Project Risk Register, where you should now see your risks that you have just entered against your project. Click on the Title (hyperlinked) to enter the risk assessment details and complete the initial risk assessment.

  • STEP 3: Specify the following details.

Note: The Risk Manager/Administrator can activate/de-active these fields or make these fields mandatory/optional from within Risk Settings. If deactivated, these fields will not show.

Field

Description/Instructions

Mandatory/Optional

Strategic

Operational

Project

Corporate

Risk Details

Active

Sets the Risk as Active or Inactive. Defaults to Active.

Once this is saved, if you require to make this Inactive, a user with edit permissions will be able to make this change.

N/A

Note: If an internal setting has been set by Camms Support for editing this risk, only Admins and Risk Managers will be allowed to edit.

Note: If you are on the flexible permission structure, this will be governed by a separate permission configuration.

Risk Code

Enter a code to identify the risk. The risk code along with the risk title will be displayed in the header section of a risk record when accessed.

Note: The Risk Manager can set automatic numbering for this field via Risk Settings and therefore if this is done, it will appear as greyed out.

Mandatory

Apply Template*

*If Applicable

Allows users to select and apply a Risk Template which auto-populates several fields within the assessment which enables speedy addition of similar risks.

Note: Templates are defined and maintained by the Risk Manager from within the Risk Settings area.

Optional

Confidential

Tick box to define the risk as being confidential.

Note: Once this tick box is checked, a dropdown will display to select which users you wish to mark this risk as confidential.

Optional

Risk Description

Enter a short title to identify the risk by. This title along with the risk code will be displayed in the header section of a risk record when accessed.

Mandatory

Responsibility Centre

Select a Service Profile added by an admin here. This field requires to be enabled for Strategic/ Operational/ Project/ Corporate Risks to show the Service Profiles linked with the relevant Business Units.

Note: This field can be enabled by Camms Support via an internal setting once it has been requested. 

Optional

Responsible Officer

Assign a Responsible Person who will be responsible for monitoring and reporting on the status of the risk. This will enable a link to this Risk Assessment to display on the designated person’s homepage.
Dropdown shows staff list for selection.

Mandatory

Secondary Responsible Officers

Select a Secondary Responsible Person and click Add to add him/her to the list of Secondary Responsible Officers. Multiple staff members can be selected.
Dropdown shows staff list for selection.

Optional

The Risk Manager can activate this area from within Risk Settings. If deactivated, this grid will not show.

Primary Risk Category

Select one category as the Primary Risk Category.

Note: Categories are defined by a Risk Manager within the Risk Settings page.

Mandatory

Primary Risk Sub Categories

Select Risk Sub Categories (based on the primary category).
See title Primary Risk Sub Categories below for more details.

Optional

Secondary Risk Categories

Select Secondary Risk Categories here.
See title Secondary Risk Categories below for more details.

Optional

Causes

Any Causes that contribute to this risk can be noted here. A Risk Manager can toggle the visibility of this field to make it appear in the Initial, Current, and/or Future Risk Assessments via Risk Settings.

Note: Causes will be ordered chronologically in an ascending order (i.e. oldest item first and recent item last).


The Risk Manager can decide if this field is mandatory or optional based on the configurations in the Field Configuration  area.

This can be either set to be a grid or a text field. Please contact CAMMS to change the current set up if required.


Consequences

Any Impact/Consequences that arise from this risk can be noted here. A Risk Manager can toggle the visibility of this field to make it appear in the Initial, Current, and/or Future Risk Assessments via Risk Settings.

Note: Consequences will be ordered chronologically in an ascending order (i.e. oldest item first and recent item last).

Consequences Criteria Selection

Select a consequence rating by clicking the Select button. This will allow a pop up window to show for you to select the consequences based on the category description. This is called the consequence table to help you identify ‘consequence of the risk’.
Users can simply click the relevant cell to select a consequence. This grid is defined and maintained by the Risk Manager from within Risk Settings.

Mandatory

Likelihood Criteria Selection

Select a Likelihood by clicking on the Select button. This will allow a pop up window to show allowing you to select a likelihood based on a description to help you identify it.

Note: The Likelihood list is defined by the Risk Manager within Risk Settings.
Users can simply click the relevant cell to select a Likelihood. This grid is defined and maintained by the Risk Manager from within Risk Settings.

Mandatory

Organisation Links

Create linkages for the risk with hierarchies (Organisation hierarchy only)

Optional

The Risk Manager can decide if this field is visible or not and mandatory or optional based on the configurations in the Field Configuration  area.

Add/Edit Links

Create linkages for the risk with other entities (risks, hierarchies, incidents, audits, findings, recommendations. KPI/KRIs, compliance requirements, authority documents and policies). This list will be based on the modules enabled for you in the database. 

Optional

The Risk Manager can decide if this field is visible or not and mandatory or optional based on the configurations in the Field Configuration area.

Add to Business/Strategic Plan

Create linkages between the risks with organisation and planning hierarchies and create new actions in Camms.Strategy via risk. This will be activated via a setting.

Optional

The button Add to Business/ Strategic Plan will be shown to all users with access

Can only link to the Planning hierarchy

Can link to both Organisation and Planning hierarchies

Can only link to the Organisation hierarchy

Can only link to the Planning hierarchy

1.1 Heatmap within Assessment Tabs

A heatmap will be displayed within all three assessment tabs based on the the criteria selection. 

  • The bubbles within the heatmap will denote the assessment ratings (Black: Future, White: Residual/Current, xGrey: Inherent/Initial).

  • When hovered over a square, each square's represented likelihood, consequence, and rating will be displayed as a tooltip text.

Note: The X and Y coordinates displayed in the heatmap will not be editable and will not be considered from the sort order in the Risk Settings > Criteria page as of now. 

1.2 Primary Risk Sub Categories

This multi-select dropdown will let you select sub risk categories of the selected primary risk category in the risk assessment tab.

This dropdown can be made visible with the below configuration:

  • For all risk types, set as 'Visible' in the Field Configuration page (accessed via Menu > Framework > Risk Settings > Field Configuration > Sub Categories and Secondary Categories).

  • If the field is made visible for the Revised/Current and Future assessment tabs, the categories will display as an un-editable label.

1.3 Secondary Risk Categories

This multi-select dropdown will let you select secondary risk categories in the risk assessment tab.

1.4 Controls

Controls can be accessed within a Risk record in the Risk Assessment tab, click the Add New button in the under the section where Controls are listed. This will direct you to the 'Controls Record Detail' page in a popup window.

Note: See article Control Management under title 'Control Record Details' for more information on this area.

  • STEP 4: Click the Save button to save the initial risk assessment.

Every risk created will automatically default to ‘Active’. You can deselect this if required. After saving, an image will appear which shows the Calculated Risk Rating.

Note: The highlighted Risk Rating is auto generated once you have saved the initial/inherent risk assessment. The rating is calculated based on the calculations set by your administrator.

1.5 Copy & Move

When Risk Aggregation is enabled in Risk Settings, this button allows users to efficiently duplicate or relocate risk-related information.

To enable this feature, navigate to Risk Settings > Risk Aggregation and activate the Risk Aggregation option. Once enabled, the aggregation feature can be accessed via the Risk Details > Copy/Move button.

Choose the Risk Type and Category for the copied risk. The selected Categories and hierarchy nodes will populate in the copied risk. You can select multiple hierarchy nodes, resulting in a copy of the risk for each selected node. Additionally, an automated linkage will be established, visible within the 'Links' tab of the copied risk.

1.6 Creating a Risk as a Draft for Approval

You can configure a risk to be created as a draft and submitted for approval to the responsible person, prior to it being active. To do so:

  • STEP 1: The setting 'Enable Risk SignOff process (Risk Approvals)' requires to be enabled via Administration > Configuration > Enable Risk SignOff process (Risk Approvals).

  • STEP 2: In the risk assessment tab, once completed filling the risk details, click on the Under Review button at the top of the page.

  • STEP 3: Once the risk is created, it will be in a 'Draft' approval status. And once a 'Draft' risk is submitted, it will display a 'Submitted' approval status, and will be assigned to the Responsible Person, in the Risk Register.

  • STEP 4: If the submitted risk is rejected by the responsible person, the approval status will be 'Rejected' and go back to a 'Draft' state when edited.

  • STEP 5: If the submitted risk was approved by the responsible person, the approval status will be 'Approved'.

Note: See article Risk Approval for more details on the administrative side and workflow of an approval process.

1.7 Add to Business/Strategic Plan

This allows a risk to be either linked to the planning or organisation hierarchy. Depending on the risk type, the hierarchies available for linking would be determined. For strategic and corporate risks, only the planning (strategic) hierarchy will be available for linking whereas for operational risks both planning and organisation hierarchies are available. Only the organisation hierarchy will be available for project risks. 

The list of hierarchies will be shown on the left hand side with a list of all risks, risk treatment actions and control solutions on the right hand side. Control solutions will be marked by a red super scripted 'c' against the solution title for easy identification. A linkage can be made simply by dragging the risk/risk treatment action or control solution you wish to link with a hierarchy node from the list on to the node name. Once a linkage is made successfully, clicking on either the node or the linked item will show all linkages in the area in the middle of the screen. The linkages can be deleted as well by a user with the edit permissions to the area.

You can also expand the hierarchy tree up to the action/task level and link a risk treatment action with a Camms.Strategy action/task as well from here. If there is no existing planning action, you can add the risk treatment action as a new action/task as well.

When this is done, a new action/task with the same details as the treatment action will be created on Camms.Strategy product. The two actions will behave independently despite the linkage but the progress information can be made to synchronise if required as well. The latter is enabled via a setting. Please contact Camms support if you wish to enable this feature. 

When you have completed entering and saved all the information for your Initial Assessment you can go on to assess the Current Risk by clicking on Next. Or click the Current/Residual Risk Assessment tab on top. Note that these buttons will only be active once you have saved the Initial/Inherent Risk Assessment.

Initial Assessments for all four types of risks are conducted in the same way.

Note: If you have set up all your criteria for the Initial Risk Assessment to be non-mandatory, you can navigate and carry out the next risk assessments even without filling out and completing the initial risk assessment. This applies to all risk assessments.


<< Back to main section
Risk Assessment

UG Footer 2024-20240103-072111.png

  • No labels