Camms.Risk | Jul-Sep 2021
- amani imtiyas
Camms is pleased to bring you the Quarterly Product Release Notification for Camms.Risk.
This quarter we've got a number of exciting new features and enhancements to improve your user experience within the system, which will be available in your Test environment on 11th September 2021 and will be available in your Live instance on 25th September 2021.
1. Flexible field configurations for Operational and Corporate Risk types |
Administrators will now be able to configure standard and custom fields for all tabs in Operational and Corporate risks as it is for Strategic and Project risks. Further, you will be able to change the order of fields and setup help text that will be visible when hovering over the field name.
How do you configure this?
Users who have ‘Administrator’ permission in static hierarchy (accessed via Camms.Risk > Administration > Manage Users') or ‘Risk Setting’ permission in flex hierarchy (accessed via 'Camms.Risk > Administration > Role Management) will be able to configure the Risk fields.
The configurability of Risk fields can be accessed in the Field Configuration page in Camms.Risk > Framework > Risk Settings > Field Configuration > Operational / Corporate.
Note: The tab names for each risk type will display as per your configured labels.
The following configurations can be done for all three assessments tabs (Initial, Revised, and Future) and the Risk Review tab for Operational and Corporate risk types.
Note: If the ‘Future Assessment’ is not ticked via 'Menu > Framework > Risk Settings > Initial Settings', the Future Assessment tab will be hidden.
Ordering – The order can be configured by selecting the field by ticking the ‘Ordering’ checkbox and then clicking the up or down arrow keys at the top-right corner of the page. Additionally, the field order can be changed easily by dragging and dropping the field by selecting the field from the three dots in the right-side corner.
Label Name – The field name can be changed as per client preference by providing the label name in the ‘Label Name’ column.
Help Text – Help text for each field can be configured under the ‘Help Text’ column.
Visibility – The field visibility within each detail page can be configured by selecting this tick box. The visibility of some fields are visible by default, as mentioned below.
Mandatory – The mandatory state of the field can be configured by selecting this tick box. Enabling this, would prompt you to enter information and not saving it with a blank value. The required state of some fields are set by default, as mentioned below.
My Quick Update – A new column named ‘Quick Update’ has been introduced in each of the sub tabs. This will provide the ability to configure the fields in the My Quick Update, expand detailed view. In order for the field to be visible in the expand view, the field must additionally be made visible. The expand view will only show data from either one of the assessment details pages. This is governed by a pre-defined set of logic based on the calculation of the risk rating in either of the three assessments. Please see figure 1.2 for the logic by which the data will be displayed in the expand view.
The My Quick Update grid will remain not configurable and will remain as per the existing system behaviour.Figure 1.1: Quick update column to configure visibility within Operational and Corporate risks
Initial, Revised, and Future tabs
The Initial assessment details page will list the following fields where the visibility and the mandatory state cannot be changed. Therefore, these will be ticked and disabled. However, the visibility of these fields for the Revised and Future tabs can be configured in these respective sub tabs and will appear as labels.
Risk Title
Risk Active Status
Risk Owner
Risk Category
Risk Code
Note: The Risk Code field will be the only field among the list above where the mandatory option will be enabled for configuration. The setting 'IsRiskCodeRequired’ in the Initial settings section will be removed and handled via the Mandatory checkbox.
The following fields are configurable for its visibility and its mandatory state. However, data input is only possible within the Initial Assessment tab. It will display only as labels in the Revised and Future Tabs.
Business Unit
Responsibility Center
Teams
Risk Secondary Owner
Primary Risk Sub Category
Secondary Risk Sub Category
Risk Identified
Risk Identifier
Links
Causes
Consequences
Risk Appetite Rating
Risk Appetite Benchmark
Additional Controls
SWOT Type – Available for Strategic, Operational, and Corporate Risks and customers that have a Camms.Strategy subscription.
Show in Environment Analysis – Available for Strategic, Operational, & Corporate Risk and customers that have a Camms.Strategy subscription.
The following fields will show/hide within the field configuration area, based on the internal settings ‘EnableFlexibleOrganisationHierarchy’ (Flexible Organisation Hierarchy):
Flexible Organisation Hierarchy | Static Organisation hierarchy |
Organisation links | Responsibility Center |
| Business Unit (only for Operational risk) |
| Teams |
The fields below can be managed assessment wise for its visibility and mandatory state, and will be editable in all three assessments:
a. Risk Assessment
b. Monte Carlo Analysis
c. Risk Treatment
d. Controls
e. Solutions
f. Legislation
g. Business Process
h. Causes (Custom)
i. Consequences (Custom)
j. Existing Controls
k. Future Controls
l.Stakeholder
m. Document Reference
n. Audit Observations
o. Multiline Custom field 01 – 10
p. Custom List field 01 – 20
q. Custom Tick-box 01 – 05
r. Custom Text field 01 – 10
s Custom Date field 01 – 05
t. Custom Numeric field 01 – 05
The below hyperlinked fields contain extra properties that could be enabled via the Field Configuration area, assessment wise:
Field name | Property name | Description of the property |
|---|---|---|
Risk Assessment | Show Risk Score | By ticking this property, the Risk Score will be displayed in the Detail pages, Register, EIS, and Dashboard area. |
Risk Appetite Rating | Show Risk Appetite Score | By ticking this property, the Appetite Score will be displayed in the Detail pages, Register, EIS, and Dashboard area. |
Primary Sub risk category | Select only one Risk Sub Category | By ticking this property, it limits you to select only one Primary Sub Risk Category. |
Risk Status | Editability only for Risk Manager and Administrator | By ticking this property, only a Risk Manager or Administrator is able to edit the Risk Status tick box. |
Risk Status | Editability by any user | By ticking this property, any user is able to make a risk active/inactive. |
Secondary Risk Owner | Allow multiple risk owner selection | By ticking this property, it will enable the staff dropdown to be a multi selection, where multiple risk owners can be selected. |
Secondary Risk categories | Show Risk secondary sub risk category | By ticking this property, the subcategories for the secondary risk categories will list as a multiple selection dropdown. |
Risk Identifier | Risk identifier to be a staff selection | By ticking this property, the risk identifier can be selected from a staff dropdown. |
Risk Review Tab
The ‘Risk Title’ and the ‘Risk Active Status’ fields can be configured to be visible, but cannot be made mandatory, since these are label fields.
The following fields will be available, but its visibility and mandatory state cannot be changed for the Risk Review tab, and therefore will be ticked and disabled:
Review Frequency
Last Reviewed By
Last Reviewed Date
Next Review Date
The following fields that were under 'Menu > Framework > Risk Settings > Review Commentary', has now been moved to the ‘Field Configuration’ area. These fields will be hyperlinked, which will provide an extra setting ‘Read Only’ and when ticked, will display only as read-only fields.
Risk Owner Comments
Previous 6 Months Highlights
Management Comments
Next 6 Months Planned Activities
The below custom fields have been introduced in the ‘Risk Review’ area:
Custom List field 01 – 20
Custom Tick-box 01 – 05
Custom Text field 01 – 10
Custom Date field 01 – 05
Custom Numeric field 01 – 05
Field name | Property name | Description of the property |
|---|---|---|
Review > Next Review Date | Update the Next Review Date when the Comment is updated | By ticking this property, the Next Review Date will automatically update based on the selected frequency when a comment is updated. |
Review > Next Review date | Editability only for Risk Manager and Administrator | By ticking this property, the Next Review Date field is editable only to the Risk Manager and Administrator. |
Review > Review Frequency | Update Frequency based on the Risk Rating | By ticking this property, the Risk Review Frequency field will automatically update based on the risk rating. A frequency can be defined for a risk rating under 'Menu > Framework > Risk Settings > Risk Type'. |
2. Introducing Reassign Staff Responsibilities page to Camms.Risk |
This enhancement enables the Reassign Staff Responsibilities area to be accessible for customers who only have access to Camms.Risk (previously available in Camms.Strategy), and will further extend its coverage to include transferable responsibilities in the Camms.Risk Incident and Camms.Risk Compliance modules.
How do you configure this?
2.1 For clients using the standard permission structure
This page will be accessible for users with ‘Administrator’ or ‘Risk Manager’ permissions within ‘Manage Users’ (accessed via main Menu > Administration > Users > Manage users) page.
2.2 For clients using the flexible hierarchy permission structure
A new permission called ‘Reassign Staff Responsibilities’ will appear under ‘Administration’, under the ‘Risk’ product, within the ‘Role Management’ area. Users with access to the role management area can configure permissions via Menu > Administration > Role Management > [New icon / Edit icon of an existing role] > Product [Select Risk] > Risk > Administration > Reassign Staff Responsibilities.
How does this work?
Once the above configuration is done. You will be able to access a new page called ‘Reassign Staff Responsibilities’, which can be accessed via Menu > Administration > Reassign Staff Responsibilities.
Select the user whose responsibilities you wish to transfer using the ‘Responsibilities From’ area.
Clicking on the ‘Responsibilities From’ will open a popup window, where you can select the staff whose responsibilities you wish to transfer.
Once a staff member is selected, all responsibilities assigned to that user will appear in the grid below.
By default, responsibilities belonging to closed incidents will not be shown. If the ‘Show closed items (Incident)’ checkbox is checked, responsibilities belonging to closed records will appear. A prefix ‘Closed’ will appear on the responsibilities, which will allow you to distinguish the responsibilities among open records.
To reassign responsibilities from the selected user to another, there are two ways to do this. You can either reassign responsibilities individually or as a bulk.
To reassign responsibilities individually:
Click on the ‘None’ button against each responsibility within the ‘Assign To’ column. Then select your preferred staff in the list to inherit the responsibilities. With this individual assignment feature you can assign different responsibilities to different staff members.
To reassign responsibilities as a bulk:
This feature allows you to transfer all the responsibilities or one/several responsibility types from one user to another in one go. You can use the ‘Bulk Reassignment’ feature by selecting a user under the ‘Bulk Reassignment’ button at the top-right corner of the window.
Click on Save to reassign all responsibilities to the selected user.
To reassign responsibilities by type, select the type by clicking on the Select Responsibility Type button.
Until you click Save, the status of the selected responsibilities will be ‘Pending to Save’. Once you click on the Save button, the responsibilities will be reassigned to the selected user selected in the ‘Assign To’ area. Once saved, the status will change to ‘Successfully Transferred’.
3. Enabling a dedicated Primary Risk Sub Category dropdown |
The sub categories for a primary risk category, which was within the 'Sub Categories and Secondary Categories' field, will be separated out, and a new dropdown will be introduced to select the Primary Risk Sub Categories.
3.1 Configuring the Primary Risk Sub Categories field
Display the Primary Risk Sub Categories within the dropdown, by configuring this within the ‘Categories’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Categories).
Configure the visibility of the Primary Risk Sub Category field within the Initial/Inherent Assessment page for all risk types, within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by enabling the 'Visible' checkbox of the field ‘Primary Risk Sub Categories’.
Configure the mandatory state of the Primary Risk Sub Category field within the Initial/Inherent Assessment page for all risk types, within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by enabling the 'Mandatory' checkbox of the field ‘Primary Risk Sub Categories’.
Configure the visibility of the Primary Risk Sub Category field within the My Quick Update page for all risk types, within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by enabling the 'Visible' checkbox of the field ‘Primary Risk Sub Categories’ under the column 'Quick Update'.
3.2 Configuring the Primary Risk Sub Categories field as a single select
Configure the Primary Risk Sub Categories field as only a single select field within the Initial/Inherent Assessment page for all risk types, within the ‘Field configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by clicking on the hyperlink of the Primary Risk Sub Category field, and in the popup window, select the checkbox 'Select only one risk sub category ' and save.
3.3 Configuring the Secondary Risk Categories field
Display Secondary Risk Categories within the dropdowns, by configuring this within the ‘Categories’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Categories).
Configure the visibility of the Secondary Risk Categories field within the Initial/Inherent Assessment page for all risk types, within the 'Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by enabling the 'Visible' checkbox of the field ‘Secondary Risk Categories’.
Configure the mandatory state of the Secondary Risk Categories field within the Initial/Inherent Assessment page for all risk types, within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by enabling the 'Mandatory' checkbox of the field ‘Secondary Risk Categories’.
Configure the visibility of the Secondary Risk Categories field within the My Quick Update page for all risk types, by configuring this within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration) by enabling the 'Visible' checkbox of the field ‘Secondary Risk Categories’ under the column 'Quick Update'.
Configure the Sub Categories for Secondary Risk Categories within the Initial/Inherent Assessment page for all risk types, within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by clicking on the hyperlink of the ‘Secondary Categories’ field and in the popup window, select the checkbox ‘Show secondary sub risk categories' and click Save.
How will this work?
If the ‘Visible’ tick box is ticked under the Initial/Inherent column in the Field Configuration page for the 'Primary Risk Sub Categories' and 'Secondary Risk Categories' fields, these will display as a dropdown in the Initial/Inherent Assessment tab, and as a label in other Assessment tabs for all risk types.
If the property ‘Show secondary sub risk categories’ has been ticked, the ‘Secondary Risk Categories’ dropdown will list the sub categories of the secondary risk categories.
4. User interface updates to enhance usability |
Continuing our focus on enhancing your user experience, this release will include the following user interface updates:
Appearance and UI for the Next button within Risk tabs
System messages that automatically fade out (e.g. successful save messages)
Freezing headers in the Consequence rating popup window
5. Enhancements to the Bow Tie Report to incorporate a Risk Status filter and display Risk Ratings based on visibility |
The Bow Tie Report will be enhanced to filter risks based on the status by incorporating a Risk Status filter. Further, the Risk section within the report will be modified to display the risk ratings based on their visibility configurations within the system.
5.1 Visual and Layout Improvements of the Risk Ratings
The risk ratings will be adjusted as per the visibility of the number of risk ratings present for each risk type.
The appearance of the risk ratings will automatically adjust to represent the risk ratings visible for each risk type as shown below (Please see figures 5.1, 5.2 & 5.3 that visualise the look-and-feel of multiple scenarios).
6. Extending the Standard Risk Register Report to accommodate new fields and multiple filtration options |
A new column 'Linked Control' has been introduced to show the Control linked to a particular Risk Treatment Action. Moreover, you will now have the ability to filter risk actions by Action Status, while the Organisation Hierarchy Link, Next Review Date, and Last Review Date fields will be depicted by default within the report. Further, you will be able to see a clear distinction between the Primary Risk Sub Categories and Secondary Risk Categories.
6.1 Addition of Linked Control column
A new column 'Linked Control' has been introduced to the Standard Risk Register report to view the Controls linked to a particular Action; i.e. if there is a Control that is linked to an Action, the title of that Control will be depicted through this column.
This column will be positioned at the end of the Risk Action columns; i.e. after the ‘Completed Date’ column, and will be grouped against the Actions of a particular Risk.
If a Control is not associated to an action, this column will be empty.
You can control the visibility of the column via the static filter ‘Linked Control’ under the ‘Risk Treatment Actions’ grouping, within the ‘Show Fields’ filter.
This filter will be unticked by default. Upon enabling, the ‘Linked Control’ column will be depicted within the report.
6.2 Ability to filter Risk Actions by Action Status
A new multi-select dropdown filter ‘Action Status' will be introduced, and it will consist of all the action status types including: Not Started, In Progress, Completed, Deferred, and Ongoing. This will be defaulted to the ‘Show All’ scenario, where all actions will be retrieved to the report.
This enhancement will allow you to filter the Risk Actions within the Risk Register report based on its respective Action Status.
6.3 Organisation Hierarchy Linkages, Next Review Date and Last Review Date fields will now be depicted by default within the report
This enhancement will allow you to extract the Organisation Hierarchy Linkages, Next Review Date, and Last Review Date fields by default into the Risk Register report, as they will now be ticked-on within the ‘Show Fields’ filter, under the Risk Detail and Risk Review filter groupings.
6.4 Clear distinction between the Primary Risk Sub Categories and the Secondary Risk Categories
This enhancement will provide you with a clear distinction between the Primary Risk Sub Categories and the Secondary Risk Categories fields. These risk categories will be visible in the report if at least one of the risk types have it enabled.
If there is no data available for a category pertaining to a risk, it will be displayed as blank.
These risk categories are controlled via the filtrations under the Risk Detail filter grouping within the ‘Show Fields’ filter.
7. Enhancing the Standard Risk Heatmap Report with multiple filtrations and layout updates
The Risk Category field within the report will be modified to clearly segregate the Primary and Secondary Risk Categories. The hierarchy filters will be modified to be compatible with our beta flexible security feature. Moreover, the Risk Status filter will be defaulted to 'Active' wherein, the Risk filter will load only the Active Risks by default, while providing the ability to control the visibility of Actions, KPI's, Incidents, and Risks sections.
The following modifications have been incorporated into the Risk Heatmap Report to provide a more comprehensive view of details.
7.1 Incorporation of Linked Actions, KPI’s, Risks, and Incidents filters
For a better usage of the report, four new tick box filters have been introduced in the report filter page, which addresses the linked Actions, KPI’s, Risks, and Incidents of the report.
The four new filters will be ticked by default.
If the risk does not consist at least one record for a particular section, it will be hidden from the report.
The below image depicts how it would appear if no incident records are linked to a risk. In this case, the entire section will be hidden. Consequently, the same behaviour is followed for other sections.
7.2 Enhancing visualisation of the Inherent Circles
The inherent circles represented in the heatmap of the report will be visualised in a darker grey colour to uplift the look-and-feel of the representation.
7.3 Incorporating Primary Risk Sub Categories and Secondary Categories
The Risk Overview section’s Risk Category has now been incorporated with the Primary Risk Sub Categories and the Secondary Risk Categories fields, based on the visibility.
The existing static primary risk category will remain as it is. If any sub categories are associated to it, it will be represented correspondingly along with a dash.
This will be followed by any secondary categories and sub categories associated with the risk, and will be subsequently represented.
The primary risk category and the secondary risk categories will be displayed in bold and in order of the application, to determine that it is a main category. Whilst the sub categories will be represented in normal text.