Camms.Risk | March 2022
- amani imtiyas
Camms is pleased to bring you the Quarterly Product Release Note for Camms.Risk.
This quarter we've got a number of exciting new features and enhancements to improve your user experience within the system, which will be available in your Test environment on 12th March 2022 and will be available in your Live instance on 26th March 2022.
1. Introducing the revamped Control Register |
The new revamped Controls module will enable Controls to function independently, with no mandatory links to Risks. Controls will be available as a standalone module which can be combined with Camms products such as Risk and Compliance.
This will include features such as:
Revamped Control Register directly accessible from the left navigation menu
Link and monitor controls to additional entities
Add/edit/delete controls against a compliance record and assess the control effectiveness against the linked record
A dedicated settings area for controls where you can configure the control rating, field configuration, custom lists, control register configurations, and email notifications
Permissions to set granular level access to controls
Option to configure the Control Register as the default homepage for users
The revamped Control Register can be accessed via the left-hand side Menu and Workspace under the Mega Menu. This will let you create controls as templates without any mandatory linkages with Risks. Additionally, Controls will be available within the + icon in the Quick Links Menu.
How do you configure this?
Enabling internal setting ‘Enable Control’ – The internal setting ‘Enable Controls’ needs to be enabled for the Control Register to be available as a standalone register. Please contact Camms Support on support@cammsgroup.com to set this up for your organisation.
Control Settings – A dedicated area for Control Settings will be introduced (accessed via Camms.Risk Menu > Framework > Control Settings). This section will consist of Control related settings such as Control Ratings, Control Register Configuration, Field Configuration, Custom Lists, Emails, and Email Templates.
1.1 Field Configuration
The Field Configuration page will let you configure fields within the below tabs of the Control Details page and Control Records Details page:
Control Details
Documents
Links
Control Assessment Tab – This tab will be enabled only when the ‘Enable Survey’ setting is enabled for your organisation.
The columns within the Field Configuration page have been renamed as below:
Previous Name | New Name | Access/Function |
|---|---|---|
Unique for Risk | Unique for Record | When fields are marked as Unique, details can be maintained uniquely for the same Control, linked to multiple Risks and Compliance records. If fields are maintained as common (not unique), these fields will appear as Read-Only and cannot be edited. These fields can be updated only via the Control Template. |
Control Detail | Control Detail | This can be accessed by clicking the Control Title within the Control Register. This page will display details maintained against the Control Template. |
Control Risk Detail | Control Record Detail | This can be accessed by clicking the Control Title within the Control Record grid in the Risk Assessment tabs, and the Control Object within a Compliance record. This page will display the details maintained against the Control linked with the specific Risk/Compliance record. |
Risk Grid | Control Record Grid | This can be accessed via the Risk Assessment tabs of Risk and the Control object within a Compliance record. This grid will let you add and link to new or existing controls to the Risk and Compliance records. |
1.1.1 Control Details Tab
Using field configurations, you will be able to configure the fields that are required to be made visible and/or mandatory within Control related areas such as the Control Details page, Control Record Detail page, Control Record grid, and the My Quick Update page.
Existing features such as defining the sequence number, label name, and help text will be available as well.
When a field is configured as ‘Unique for Record’ it will remove visibility from the Control details page, and the My Quick Update page except for the fields: Control Owner, Control Owner Rating, Control Authoriser, and Control Authoriser Rating.
Validations will be available for the fields: Control Owner, Control Owner Rating, Control Authoriser, and Control Authoriser Rating.
The 'Control Owner' field will be ticked automatically when the visibility of the 'Control Owner Rating' field is ticked. If the visibility of 'Control Owner' is unticked, the visibility of 'Control Owner Rating' will be unticked.
The 'Control Authoriser' field will be ticked automatically when the visibility of the 'Control Authoriser Rating' field is ticked. If the visibility of 'Control Authoriser' is unticked, the visibility of 'Control Authoriser Rating' will be unticked.
The Control Solution grid field will be configured as 'Unique for Record' and the tick will be disabled. Control Solutions can be added only when the Control is linked to a record (i.e. Risk or Compliance).
The mandatory checkbox will act as a common checkbox and will apply across all pages (i.e. to Control Detail page, Control Record grid, Control Records Details page, and My Quick Update). The mandatory field will be disabled unless visibility is ticked for the field.
Control Title will be unticked and disabled for the checkbox ‘Unique for Record’. Control Title will need to be edited via the Control Template accessed via the Control Register.
1.1.2 Documents Tab
The ‘Show Tab’ toggle will be turned ON by default. The Document tab will not be visible within the Control Detail page and Control Record Detail page, if the toggle is turned OFF.
Documents will be commonly maintained going forward. The existing feature where Documents were able to be managed uniquely against linked records, will no longer be available.
1.1.3 Links Tab
The ‘Show Tab’ toggle will be turned ON by default. The Links tab will not be visible within the Control Detail Page and Control Record Detail page, if the toggle is turned OFF.
Links will be commonly maintained going forward. The existing feature where Links were able to be managed uniquely against linked records will no longer be available.
1.1.4 Control Assessment Tab
This tab will be enabled only when the ‘Enable Survey’ setting is turned ON.
The ‘Show Tab’ toggle will be turned ON by default. If you set it as OFF, the Control Assessment tab will not be visible within the Control Detail page and Control Record Detail page.
Important: There are few identified issues that will be fixed in this component in a maintenance release. For inquiries about a particular issue or to report an issue, please contact Camms Support on support@cammsgroup.com.
1.2 Register Configuration
Configurations for the Control Register and the Control Dashboard popup can be done via this page.
1.2.1 Control Register
This page will consist of fields that can be configured as columns and filters within the Control Register. This can be done by clicking the ‘Visible’ and the ‘Searchable’ checkboxes against each field.
Notes:
The Visible checkbox will be disabled for the fields which are marked as ‘Unique for Record’ in Field Configuration.
Fields that are marked as ‘Unique for Record’ can still be configured as ‘Searchable’, which will display these fields as filters within the Control Register.
The below new fields will be introduced and can be configured for Visible and Searchable as below:
Field Name | Visible | Searchable |
|---|---|---|
Hierarchy Links | Yes | Yes |
Linkage Type | No | Yes |
Linked Records | No | Yes |
Links Count | Yes | No |
Important: The following issue has been identified in this component and will be fixed in a maintenance release. Please contact Camms Support on support@cammsgroup.com for any inquiries or to report an issue:
Custom List fields are not available for Filters.
1.3 Email and Email Templates
Controls related emails and email templates will be available within the Control Settings page.
1.3.1 Emails
Only the below mentioned Control specific email triggers will be available when accessed via Control Settings.
Control Creation
Control Assignment (bulk email) – [CONTROL_NAME_LIST] snippet should be used for the bulk emails to get triggered
Control Owner Rating Change
Control Authoriser Rating Change
Control Solution Creation
Control Solution Next Update
Control Solution End Date
Control Solution Completed Date
Control Review Date
Only the Control specific recipients will be available within Control Settings.
The Camms.Risk related email triggers will be located at Mega menu > Administration > Risk Administration > Email when both Risk product as well as the Control module have been activated, or only the Camms.Risk module has been activated.
1.3.2 Email Templates
Only the Control related email templates will be available within this section.
Only the snippets relevant to Controls will be available.
Only Camms.Risk related email templates and snippets will be available when both Camms.Risk product as well as the Control module have been activated, or only the Camms.Risk module has been activated..
How will this work?
When the internal setting ‘Enable Controls’ is enabled, a standalone Control Register will be available.
The Control Register can be accessed via the below options:
A new icon for the standalone Control Register will be available within the left-hand side menu.
Controls will be introduced within the Mega Menu under the Workspace as a new option (accessed via Camms.Risk Menu > Workspace > Control Register).
The filter section within the Control Register will consist of new filter options as below. These will be available as filters if they have been configured as Searchable in Register Configurations.
Hierarchy Links – This can be used to filter Controls based on the hierarchy linkages.
Linkage Type – This will filter Controls based on the entities it has been linked to.
Linked Record – This will filter Controls that are linked to other entities when either the Code or the Title is keyed in.
When the field ‘Links count’ is configured as visible, it will appear as a column in the Control Register. This will denote a summary count of all linkages of a Control, and when clicked on, a popup will display details of the linkages.
1.4 Creation of new Controls
1.4.1 Adding new Controls via Quick Links
Controls will be available as an option within the + icon in Quick Links. Upon clicking it, you will be directed to the Control Detail page. You will be able to create a new control by filling the required fields.
1.4.2 Adding new Controls via the Control Register
Controls can be created by clicking on + New button within the Control Register. This will direct you to the Control Detail page.
1.4.3 Adding new Controls via the Control Record Grid
Controls can be created via the Control Record grid, which can be configured within the Risk Assessment tabs. Upon clicking the Add New button, the Controls Record Detail page will open up via a popup.
1.5 Features within a Control Details Page and Control Record Details Page
1.5.1 Control Details Tab
Unique Record Grid
A new grid named Unique Record grid will be available within the Controls Details tab. This grid appears in the Control Detail page by default whenever the fields Control Owner, Control Owner Rating, Control Authoriser and Control Authoriser Rating are configured as ‘Unique for Record’, within Field Configuration (accessed via Camms.Risk Menu > Control Settings > Field Configuration) and the Control is linked to any Risk or Compliance records.
The grid will group Risk and Compliance records, and details such as Risk/Compliance Code Title and Type will be available against each individual record.
Control Solutions Grid
The Control Solutions grid will not be available within the Control Details page, as it will be configured as ‘Unique for Record’ within Field Configuration, accessed via Camms.Risk Menu > Framework > Control Settings.
Control Solutions can only be added via the Control Solutions grid in the Control Record Detail page, accessed via the Risk records linked to Controls.
A popup will be displayed upon clicking the Add New button of the Control Solutions grid. New Control Solutions can be added by filling in the details of this popup.
Control Actions will be considered as Risk Actions, as there is no separate Control Action Register.
1.5.2 Documents Tab
This tab will only be visible if it has been enabled as 'Show Tab' via Field Configuration under Control Settings (accessed via Mega Menu > Framework > Control Settings)
Both documents and URLs can be added against the Controls.
1.5.3 Links Tab
The Control Links tab will consist of the below new linkage options. These will be available based on the modules that have been enabled.
Risk
Audit Finding
Audit Recommendation
Risk Actions
Hierarchy
KPIs
Controls can now be linked to a Risk via the Linkage tab, within a Risk record as well.
Controls will be introduced as a new option within the Links tab of Audit, Audit finding, Audit Recommendation, and Risk Action in an upcoming release.
The titles within the linked record grids in the Control Links tab and the entity wise links tab will not be hyperlinked to click and view the detail page of the linked record. This will be provided in the next release.
1.6 My Quick Update
My Quick Update will consist of a new section ‘My Controls’, which will show the controls assigned to the Control Owners and Control Authorisers.
Control Owners and Control Authorisers can now view the Control Templates and the linked controls to Risk and/or Compliance within My Quick Update.
Two new columns called ‘Linked Record Type’ and ‘Linked Record Title’ will be available within the My Quick Update grid. The column ‘Linked Record Type’ will display the linked entity name, and the column ‘Linked Record Title’ will display the title of the record that the Control is linked to.
The Control Title will be hyperlinked. When clicked upon, a popup will be displayed with the fields configured as visible in My Quick Update, within Field Configuration, accessed via Camms.Risk Menu > Framework > Control Settings.
1.7 Permissions
Static Permissions
Two new user roles will be available ‘Control Creator’ and ‘Show Control’, accessed via Camms.Risk Menu > Administration > Users > Manage Users.
These two roles will consist of a set of predefined privileges based on which they could access the Controls related pages and functions.
The permissions related to the new Common Controls features for the existing roles have been modified, which will ensure that only the relevant roles will get access to the Control specific areas.
Flex Permissions
A new product named ‘Controls’ will be available within the product dropdown under Role Management (accessed via Camms.Risk Menu > Administration > Role Management > Add new/Edit.
This will load a Control specific permission tree where permissions can be assigned for areas such as Control Register, Control Detail page (Details tab, Documents tab, Links tab, and Control Assessment tab), and Control Settings.
Area | Permission | Description |
|---|---|---|
Control | Add | Ability to add a Control via quick links + icon and Add new option in the Control Register. |
| Delete | Ability to delete Controls via the Control Detail page. |
Control > Register | View All | All records in the Control Register will be displayed. This supersedes all other options. |
| View All Not Linked to Hierarchy | All Controls not linked to any hierarchy node will be displayed. |
| View Node Only | Controls directly linked to the logged in user’s hierarchy node will be displayed. |
| View Node with Children | Controls directly linked to the logged in user’s hierarchy node and the child nodes will be displayed. |
| View All Created | Controls created by the logged in user will be displayed. |
| View All Control Owner | Controls having the logged in user as the 'Control Owner', will be displayed. |
| View All Control Authoriser | Controls having the logged in user as the ‘Control Authoriser’ will be displayed. |
| View All Linked to My Risks | Controls linked to Risks which the logged in user is assigned as the ‘Risk Responsible Officer’, will be displayed in the Control Register. This permission will be applicable to the Risk Control Detail page as well. |
Control > Control Details | View | Read-only permission for Control Details |
| Edit | Edit fields in the Control Detail page |
Control > Document | View | Read-only permission for the Document tab |
| Edit | Upload/delete documents and URLs via the Document tab |
Control > Links | View | Read-only permission for the Links tab |
| Edit | Create linkages via the Links tab |
Controls > Control Assessment (This will be available only when the ‘Show Survey’ setting is enabled in the Camms.Risk Survey module.) | View | Read-only permission for the Control Assessment tab |
Framework > Control Settings | View | Read-only permission for Control Settings options |
| Edit | Permission for editing Control Settings |
Permissions for the Control Record grid and the Control Record Detail page will remain within 'Risk Management' in the Product dropdown.
1.8 My Settings
Controls will be available as a new option within the Homepage section in My Settings, accessed via Camms.Risk Menu > My Settings > Home Page. This will let you configure the Control Register as the Home Page when logging into the application.
1.9 Dashboards
Dashboards will continue to display the Controls linked to Risks and its count.
Features to look forward to in the upcoming releases
|
2. Create multiple hierarchy type Linkage fields |
This feature will allow administrators to add hierarchy type linkage fields, enabling you to link the risk to a node of any specific hierarchy, with minimal clicks.
How do you configure this?
A new setting called ‘Enable creation of multiple hierarchy link fields in the inherent tab for Strategic and Operational Risks’, enables this feature.
You will require to have ‘Administrator’ for Static Hierarchy permissions (accessed via Camms.Risk Menu > Administration > Manage Users) or ‘View and Edit permission’ permission for Flexible Hierarchy permissions (accessed via Camms.Risk Menu > Administration > Role Management > Camms.Risk > Framework > Risk Settings) which will enable the Add New button.
Clicking the Add New button will open a popup that you can use to add new ‘Hierarchy’ fields.
The popup window will display the following fields to be filled in:
Risk Field Name: The field name must be unique. Use only alphanumeric characters. Note that special characters are not allowed.
Label Name: This will be the field name displayed to users on the risk pages.
Help Text: You can use help texts to provide any instructions that you may want to display when hovered over the field.
Field Type: This field will be disabled temporarily as it only contains the hierarchy links field type as of this moment. More options will be introduced in future releases.
Hierarchy: This field will contain all the hierarchies that are configured in the application. You can select one of these hierarchies.
Visibility: This checkbox will let you hide or show the field to users.
Mandatory: This checkbox enables you to make this field a required field, the user will not be able to save the risk record without adding a hierarchy node.
Once you add the necessary fields, click the Add button in the popup to add the new hierarchy type field.
The new hierarchy field that is added will appear at the bottom of the grid.
How will this work?
The hierarchy field that was configured above, will appear in the Initial tab for a risk that is newly created or a risk that already existed.
By clicking on the Add/Edit Links button. You will be able to view the hierarchy configured for that field in a popup window.
By clicking on the Expand All and Collapse All buttons, you will be able to expand or collapse the hierarchy tree.
The search feature lets you narrow down your search to find specific nodes. This will be useful if you have a large hierarchy structure.
3. New standard Risk Attention Report |
This new Risk Attention report will provide a summary view of all risk movements within a selected reporting period, along with its associated Risk Controls and Risk Actions, followed by its corresponding detailed view.
This report consists of multiple filtration options along with the ability to filter the report, based on the selected Hierarchy Levels/Nodes. The rest of the available report filters are Risk Category, Risk Type, Risk Status, Action Status, Residual Risk Rating, which will enable you to filter and display the required content.
The first page of the report consists of a summary page, along with the filtered reporting period which will include the following details:
A section comprising widgets where the count, along with the percentage will be shown for Risks which have increased, Risks which have decreased, and Risks created during the reporting period. In addition, the count and percentage of Risks without Controls, Actions due for completion within 30 days, Risk and Control Reviews Overdue and Overdue Actions will be depicted.
A donut chart to display the Risk Movement Summary.
A series of three (3) donut charts to display Risks, Controls, and Actions which are due within 30 days, overdue by less than 30 days, overdue by 30 - 60 days, and overdue over 60 days, respectively.
In the next section, the report will comprise separate sections containing a detailed breakdown of the Risks Controls and Actions, in line to the information depicted in the above 'Summary' section.
The respective counts mentioned in the Summary section will be matched with their respective detailed section in the report.
The Risk related report sections will be arranged in the below order:
Risks that have Increased in Residual Rating
Risks that have Decreased in Residual Rating
Risks Created during the Reporting Period
Risks Overdue for Review
Risks with no Controls
Furthermore, the Organisation linkage associated with the Risk records will be shown in the Risk related sections of the report.
The next section of the report will comprise the Control and Action related information, whereby the respective counts mentioned related to Controls and Actions in the Summary section will be matched with their respective detailed section in the report.
The Control and Action related sections will be arranged in the below order:
Controls Overdue for Review
Actions Scheduled for Completion in the next 30 days
Actions Overdue for Completion
Furthermore, the list of linked Risk records associated with each of the Controls and Actions are depicted in each of these sections.
4. New standard Control Summary Report |
This new report will comprise a dashboard view providing an overview of Controls, followed by details on each Control along with its linkages.
The report consists of multiple filtration options, including a newly introduced Control filter which will enable you to filter and display the required content based on the Active status of the Controls. The rest of the filters comprise the Hierarchy filter together with five (5) multi-select filters for Control Type, Control Owner, Control Owner Rating, Control Authoriser, Control Authoriser Rating and a checkbox filter which will enable you to control the visibility of Control Comments.
The first section of the report which is the Control Summary section, comprises four widgets including the following details, with the aim of providing a summary view of all the Controls within the system.
A column chart to display Controls by Control Effectiveness
A column chart to display Controls by Control Authoriser Rating
A donut chart to display Controls Controls by Type
A donut chart to display Controls by the Review Status based on the Next Review Date
The next section of the report, which is the 'Control Details' section will provide details around all individual Controls within the application. This section will comprise two sub sections, wherein the initial section will provide a summary view of the key details relating to each individual Control, while the next section depicts details of the linkages associated with the Control in consideration.
The first section under 'Control Details' showcases the key details around each Control which will be depicted via a grid visualisation.
The Control Type, Status, Review Dates, Control Owner, Control Authoriser and their Ratings, along with the Control Comments and Organisational Links will be included within this grid.
The above key Control details grid will be followed by the next portion of the Control Details section, which will depict the linkages related to the Control, such as Actions, Risks, Incidents, Authority Documents, Policies, Obligations, Audits, Audit Findings, Audit Recommendations.
Key details related to each of these linkage items will be represented via an individual grid.
In an instance if the Control in consideration does not have a linkage to a particular item (Risk/Incident/Obligations, etc.), that entire grid related to the particular item will be hidden from the report.
5. Enhancements to existing standard Risk Register Report |
The Risk Register report will be enhanced to display Organisational linkages for Controls and Risk Actions, as well as the Revised End Date for Risk Actions. Moreover, you will now have the option of filtering the report content through multiple Secondary Risk Owners.
5.1 Addition of Organisational Linkages for Controls and Risk Actions
Organisational Linkages have been introduced to the Controls and Risk Actions section of the Standard Risk Register report as new columns to view the Org Hierarchy linkages associated with the Controls and Actions of the Risk in concern.
If an Organisation Linkage is not associated to a Control/Action, this column will be empty.
You can control the visibility of the 'Action Business Unit' column via the new filter 'Action Business Unit' under the Actions filter grouping, within the ‘Show Fields’ controller which will be ticked by default.
5.2 Addition of Revised End Date for Risk Actions
A new column 'Revised End Date' has been introduced to the Standard Risk Register report to view the Revised End Date related to a particular Action.
This column will be positioned between the 'End Date' and 'Action Status' within the Risk Actions section of the report.
In an instance where a particular Action does not contain a Revised End Date, this column will be empty.
The visibility of this column can be controlled via the existing 'Revised End Date' filter under the Action filter grouping within the ‘Show Fields’ controller.
5.3 Ability to filter by Secondary Risk Owner
A new multi-select dropdown filter ‘Secondary Risk Owner' will be introduced, and it will consist the list of Secondary Risk Owners in the application.
This filter will be defaulted to the ‘Show All’ scenario, where all Risks associated with each and every Secondary Risk Owner will be retrieved to the report.
This enhancement will let you view Risk records belonging to a single or selected set of Secondary Risk Owners within the Risk Register report, whereby the existing 'Secondary Risk Owner(s)' column within the report will depict the selected Secondary Risk Owner(s) against each Risk record.