Feature Release Note | Camms.Risk, December 2020

Camms is pleased to announce the December Feature Release for Camms.Risk.

This was released on 12th December 2020 and includes the following new features and enhancements to improve your user experience within the system. 

1. Introducing flexible field configurations on fields and forms for Strategic and Project Risk types

This modification will enable you to configure standard and custom fields in Strategic and Project risks; providing more flexibility in field configurations, along with changing the order of fields and setting-up help text, which appears when you hover over a field name.

Note: The Operational and Corporate risks will depict field configurations as per the existing system behaviour. We plan to extend the field configurability modification for Operational and Corporate risks in an upcoming sprint release.

How to do the configurations?

  • Users who have ‘Administrator’ permission in static hierarchy (accessed via Camms.Risk > Administration > Manage Users) or ‘Risk Setting’ permission in flex hierarchy (accessed via Camms.Risk > Administration > Role Management) will be able to configure the Risk fields.

  • The configurability of Risk fields can be accessed in the Field configuration page in Camms.Risk > Framework > Risk Settings > Field Configuration > Strategic / Project.

Note: The tab names for each risk type will display as per the client configured labels.

  • In this page, the field visibility as well as the mandatory state of all standard and custom fields can now be configured for the following sub tabs of a Strategic or Project risk.

    • Initial 

    • Revised

    • Future 

    • Risk Review 

Figure 1.1: Strategic Risk Field Configurations
  • A new column named ‘Quick Update’ has been introduced in each subtab. This will provide the ability to configure the fields in the My Quick Update expand detailed view if the field is made visible in the detail page. The My Quick Update grid will remain not configurable and will remain as the existing system behaviour.

Note: The flexibility of the Quick Update feature is only applicable for the Risk module for this sprint. Camms will incorporate the Quick Update feature for the Strategy/Sycle modules in a future sprint.

  • The field name can be changed as per client preference by providing the label name in the ‘Label Name’ column.

  • Help text for each field can be configured under the ‘Description’ column. 

  • The field order can be changed easily by dragging and dropping the field by selecting the field from the three dots in the right side corner. The order can also be configured by selecting the field by ticking ‘Ordering’ checkbox and then clicking the Up or Down arrows keys in the top right corner of the page.

Initial, Revised, and Future Tabs

  • The Initial assessment details page will list the following fields where the visibility and the mandatory state cannot be changed; thus will be ticked and disabled. However, the visibility of these fields for the Revised and Future tabs can be configured in those respective subtabs.

    • Risk Code

    • Risk Title 

    • Risk Active Status 

    • Risk Owner 

    • Risk Category

  • The following fields, other than the ones mentioned above, will now be available to be configured as visible in subtabs, Initial, Revised, and Future. 

    • Business Unit 

    • Organisation Hierarchy Links – only available for customers with flexible hierarchy feature 

    • Responsibility Center

    • Team

    • Risk Subcategory

    • Secondary Risk Category

    • Risk Identified

    • Risk Identifier

    • Links 

    • SWOT type – only available for Strategic Risk and customers that have a Camms.Strategy subscription 

    • Causes 

    • Consequences

    • Risk Appetite Rating 

    • Risk Appetite Benchmark 

    • Additional Controls 

    • Show in Environment Analysis – only available for Strategic Risk and customers that have a Camms.Strategy subscription

    • Project/Action Title – only available for Project Risk

  • These fields can be managed assessment wise for the visibility and mandatory state:

  • Risk Assessment

  • Monte Carlo Analysis 

  • Risk Treatment 

  • Controls 

  • Solutions

  • Legislation 

  • Business Process 

  • Causes (Custom) 

  • Consequences (Custom) 

  • Existing Controls 

  • Future Controls 

  • Stakeholder 

  • Document Reference 

  • Audit Observations

  • Multiline Custom field 01 – 10 

  • Custom List field 01 – 20  

  • Custom Tick-box 01 – 05  

  • Custom Text field 01 – 10  

  • Custom Date field 01 – 05  

  • Custom Numeric field 01 – 05 

  • These hyperlinked fields contain extra settings that could be enabled via the Field Configuration area – assessment wise:

    • Risk Assessment – Show Risk Score: By ticking this setting, the Risk Score will be displayed in the Detail pages and the Register area.

    • Risk Appetite Rating – Show Appetite Score: By ticking this setting, the Appetite Score will be displayed in the Detail pages and the Register area.

  • Risk Treatment – Ability Select Multiple Risk Treatments: By ticking this setting, you will be able to select multiple treatments. Previously this feature was available under Menu > Administration > Configuration > Settings.

  • The visibility of Risk Assessments can now be managed via the Field Configuration area, without having to turn off the visibility via Menu > Framework > Risk Settings > Criteria.

Risk Review Tab 

  • The ‘Risk Title’ and the ‘Risk Active Status’ fields can be configured to be visible, but cannot be made mandatory since it is label fields.

  • The following fields will be available but the visibility and mandatory state cannot be changed for the Risk Review tab and therefore will be ticked and disabled:

    • Review Frequency

    • Last Reviewed By

    • Last Reviewed Date

    • Next Review Date

    • Project/Action Title – this field is only available for Project Risk

  • The following fields that were under Menu > Framework > Risk Settings > Review Commentary, has now been moved to the ‘Field Configuration’ area. These fields will be hyperlinked and provide an extra setting ‘Read Only’ and when ticked will display only as read only fields.

    • Risk Owner Comments

    • Previous 6 Months Highlights

    • Management Comments

    • Next 6 Months Planned Activities

  • The below custom fields have been introduced in the ‘Risk Review’ area: 

    • Custom List field 01 - 20

    • Custom Tick-box 01 - 05

    • Custom Text field 01 - 10

    • Custom Date field 01 - 05

    • Custom Numeric field 01 – 05

Risk Control

  • You can set the ‘Mandatory’ state of all fields under Risk Controls separately, in the Control Detail page, Control Risk Detail, and Risk Grid.

  • The ‘Visible’ state of the control register and searchable in the register, has now been moved to the Register Configuration area.

2. Introducing a flexible field configuration for Risk actions

This modification will provide flexibility to configure the standard fields for a risk action. The fields can be configured as visible within the Risk action grid, Risk Action details page, My quick update grid, and My quick update details page. In addition, the ability to set up the field as mandatory or not is now possible, and the configuration has extended the flexibility for custom fields. 

How to do the configurations?

  • Users with the ‘Administrator’ permission in static hierarchy (accessed via Camms.Risk > Administration > Manage Users) or ‘Risk Setting’ permission in flex hierarchy (accessed via Camms.Risk > Administration > Role Management) will be able to configure the risk action fields.

  • The configurability of Risk Actions can be accessed in the Field Configuration page in Camms.Risk > Framework > Risk Settings > Field Configuration > Risk Actions.

  • This page will have a 2-tab view labelled as ‘Details’ and ‘Links’.

    • Details – The configuration for Risk actions fields can be done here.

    • Links – The configuration to enable linking a risk action to an Audit recommendation in the Risk Action details can be done here.

Details

  • The details page will list and allow to configure all of the existing standard fields which are as follows: 

    • Action Title

    • Resource Requirement 

    • Responsible Officer

    • Department 

  • Start Date 

  • End Date  

  • Reporting Frequency  

  • Completed Date  

  • Control Title  

  • Next Update Required 

  • Links 

  • Linked Risks

  • Action Status 

  • Percent Complete 

  • Progress Comment 

  • Next Update Required 

  • Last updated by 

  • Time stamp 

  • The following set of custom fields have now been introduced in this page:

    • Multiline Custom text fields 01-10

    • Custom Single select list fields 01-10

    • Custom Tick boxes 01-05

    • Single line Custom Text fields 01-10

    • Custom Numeric fields 01-10

  • The field name can be changed as per client preference by providing the label name in the ‘label replacements’ column.

  • Help text for each field can be configured under the ‘Description’ column. 

  • The field sequence can be changed easily by dragging and dropping the field by selecting the field from the three dots in the right side corner. Additionally, the order can be configured by selecting the field by ticking the ‘Ordering’ checkbox and clicking the Up or Down arrows keys in the top right corner of the page. 

  • Each of these standard/custom fields can be configured to be displayed in the below areas by ticking the checkboxes under the respective columns.

  • Visible in Risk Action Detail – The standard/custom fields checked here will display as fields in the Risk Action Detail page of an action within a Risk.

  • The standard fields ‘Action title’ will be ticked and disabled.

  • The standard fields ‘Responsible officer, Start Date, End date, Percentage complete and Action Status’ will also be ticked and disabled by default in this column.

  • Visible in Risk Action Grid – The standard/custom fields checked here will display as columns in the Risk Action Grid within a Risk.

  • The standard fields ‘Action title’ will be ticked and disabled. 

  • The standard fields ‘Responsible officer, Start Date, End date, Percentage complete and Action Status’ will also be ticked and disabled by default in this column.
    .

  • Visible in Actions Grid in Quick Update – The standard/custom fields checked here will display as columns under ‘My Risk Actions’ in My Quick Update.

    • The standard field ‘Action title’ will be ticked and disabled by default.

    • The standard fields ‘Additional Risk Controls, Linked Risks, Control Title, Last Updated By, and Time Stamp’ will be unticked and disabled by default in this column.

  • Visible in Actions Detail in Quick Update – The standard/custom fields checked here will display as rows when an action is expanded in ‘My Risk Actions’ in My Quick Update.

    • The standard field ‘Action title’ will be ticked and disabled by default.

    • The standard fields ‘Control Title and Links’ will be unticked and disabled by default in this column.

  • Mandatory – The fields which are ticked under the ‘Mandatory’ column will be mandatory throughout the four areas mentioned above.

    • The standard fields ‘Action title’ will be mandatory at all times.

    • The standard fields ‘Responsible officer, Start Date, End date, Percentage complete, and Action Status’ will also be ticked and disabled by default in this column.

  • The standard fields ‘Performance, Linked Risks, Links, Time stamp, and Last updated by’ will be unticked and disabled by default.

  • The fields Revised Start Date, Revised End Date, Original End Date, Additional Controls have been included as standard fields and can be configured accordingly.

  • The field configurations and the Links tab configuration will be applied across all risk types.

Links

  • The visibility of the ‘Links’ Tab within the Action details page can be configured by ticking the ‘Show Links’ checkbox within the Links tab in the field configuration page for a risk action. This tab enables the end user to create a linkage between a risk action and an audit action.

3. Introducing performance indicators for risk treatment actions

Risk treatment actions will have a new performance indicator within the risk assessments, to indicate if the action is On track, Off Track or Monitor status. Additionally, this will be available in the Risk Register to show a summary of how risk actions are performing for each risk.

How to do the configurations?

  • Configuring the Performance Field – The Performance field will be configurable via Camms.Risk > Framework > Risk Settings > Field Configuration > Risk Actions tab.

    • Visible in Risk Action Details – Ticked by default. This will show the performance indicator in the details page accessed by clicking on the action title via the action grid in risk assessments.

    • Visible in Risk Action Grid – Unticked by default. This will show the performance indicator in the action grid in risk assessments.

    • Visible in Action Grid in Quick Update – Unticked by default. This will show the performance indicator in the action grid in Quick Update under the My Risk Actions section.

    • Visible in Action Details in Quick Update – Ticked by default. This will show the performance indicator in the action grid’s expand in Quick Update under the My Risk Actions section. 

    • Mandatory – Unticked and disabled since this field displays as a label.

  • Configuring the Performance Thresholds – This will be added from Camms.Risk > Administration > Configuration > Action Progress Threshold, to determine the thresholds for each performance category for the risk action. By default, the below values will be set, which can be changed if required. 

    • On Track:  >= 90

    • Off Track:  < 70

    • Monitor:  Less than 90 and greater than or equal to 70

  • Configuring the Risk Action Count Field – To configure the summary count of how all the linked risk actions are performing for each risk within the Risk Registers, go to Camms.Risk > Framework > Risk Settings > Register Configuration.

    • A new field named ’LinkedRiskActionCount’ will be available and configurable.

  • Visible – Unticked by default. When ticked, this will appear as a column in the register, showing a summary count by performance category for all risk actions that are linked with that risk.

  • Searchable – Unticked by default. When ticked, this will appear as a filter in the register as a multi select dropdown.

  • Sequence – This will define the order in which the field should appear in the register as a column and as a filter. By default, this will be given the last position.

  • Width – This will define the width of the column if enabled to be shown in the register. This will have the default width of 0.

  • Label Reference – The name of the column can be configured here. The Default column name will be ‘Risk Action Summary’.

How will it work? 

  • Performance Indicator – The performance of a risk action will be denoted by either one of the four colour coded performance categories, namely ‘On Track’, ‘Off Track’, ‘Monitor’ and ‘Not Applicable’. This will display within the Risk action grid, Risk Action Details page, My Quick Update grid and My Quick Update Details page based on the field configuration.

 The modifications will be available in the following reports after 17th of December 2020.

  1. Risk Heatmap Report 

  2. Risk Action Summary Report

  • Risk Action Count under Risk Registers – The Risk Registers will display a new column to show a summary of how all linked risk actions are performing for each risk register type.

    • This will display the summary count of risk actions for each performance category that are linked with a risk. The circles will be colour coded based on the performance value they represent. If there are no risk actions for a performance category, it will not be shown.

    • This column cannot be used to group the Risk Registers by dragging the column to the top of the table.

  • Filter by Performance category – Risks can be filtered based on the linked actions’ performance indicators. 

    • This will be a multi select dropdown listing options of Off Track/On Track/Monitor and N/A. When the end user selects one or more option from here, risks with linked actions of the selected performance categories will be filtered and shown.

  • Performance Indicator Colour Codes – the below standard performance categories will be introduced:

    • On Track (green) – Indicates that the % completion of the risk action is on track.

    • Monitor (amber) – Indicates that the % completion of the risk action requires close monitoring to get the risk action back on-track.

    • Off Track (red) – Indicates that the % completion of the action is off track.

    • N/A (grey) – Indicates that the performance of the action cannot be calculated.

  • Performance Calculations

    • Where the action's status is ‘Completed’, the performance would be always set to ‘On Track’.

    • Where the action's statuses are either ‘Deferred’ or ‘Ongoing’, the performance would be always set to ‘N/A’

    • Where an action has the status ‘Not Started’ or ‘In Progress’, the performance will be calculated as below:
      Performance = (Percentage Complete / Target Completion %) * 100

      • Percentage Complete = The actual performance of the action based on the percent complete value added (between 1 – 99). This is added by the user in the ‘% Completion’ field within the risk action.

      • Target Completion % = Target will be calculated considering the start and end dates with linear progression, whereby performance would be 0% on the start date, and 100% on the end date. 

      • Target = [(Current System Date - Action Start Date) / (Action End Date - Action Start Date)] * 100%
        Example: If the duration on the action is two months, at the end of the first month, the performance target will be calculated to be 50%.

  • The Performance indicator would display as ‘On Track’, ‘Off Track’ or ‘Monitor’ based on the configured threshold values.

    • On Track:   >= 90

    • Off Track:  < 70

    • Monitor:  Less than 90 and greater than or equal to 70

  • If the ‘Current System Date’ is equal to the ‘Start Date’, then the calculated Target will be 0. In this event, the performance indicator will be shown as ‘On Track’. The performance calculation will be disregarded.

  • If the action has a ‘Start Date’ which is a future date, irrespective of status or % Complete, the performance indicator will be shown as ‘On Track’.

4. View linked risk details in the heatmap dashboard

Now you can view linked risk details in the heatmap dashboard itself, when accessed via the ‘View Details’ popup window for a specific risk item. This will give you an insight of all risks associated for a given risk item.

How will it work?

  • Access the Camms.Risk > Menu > Workspace > Risk Analysis page and click on the ‘Heatmap Dashboard’ tab.

  • Click on a ‘Risk’ that you wish to view linked details in the heatmap dashboard and click the ‘View Details’ link placed at the top of the dashboard.

  • Click the ‘Risks’ subtab in the popup window to view linked risk details.

  • The newly introduced ‘Risks’ subtab is positioned as the 4th tab under the ‘View Details’ popup window.

  • This feature has been enabled for both Static and Flex hierarchies.

5. Re-designed Overdue Summary Report

5.1 Visual and Layout Improvements

The Overdue Summary Report has been updated to include the visual and layout improvements detailed below.

  • The appearance of the ‘Overdue Risks’ and ‘Overdue Risk Controls’ grid sections have been improved to allow clear visualisation of information.

5.2 Addition of grouping to Overdue Risk Section

  • The overdue risk section within the Overdue Summary Report has been incorporated with a risk type grouping based on the selections being made through the report filters.

  • The report grouping is integrated at the top of each ‘Overdue Risks’ grid section to provide a more comprehensive view of details.

5.3 Incorporating flex hierarchy permissions to the report

    The Overdue Summary Report has been updated to include flex hierarchy permissions.

  1. The existing static hierarchy filters has been replaced by the new 3-tier hierarchy filter.

  2. Both the existing and new security models have been introduced within the report to filter out the content of the report, based on the view permissions applicable for the user at run-time of the report.

6. Enhancements to Risk Heatmap Report

The following improvements have been incorporated into the Risk Heatmap Report to provide a more comprehensive view of details.

6.1 Showcase linked Incidents and linked Risks 

For a better upgrade of the report the linked Incidents and linked Risks of the available risks are now displayed within the Risk Overview section of the report.

  1. The linked Incidents and linked Risks are displayed using universal fields for all users. 

  2. In an instance where the risks do not contain linked Incidents or linked Risks, the report showcase text ‘N/A’ to avoid inessential empty details within the report. 

6.2 Showcase overall ‘Effectiveness of Control’ of risks

The overall Effectiveness of Control value available for each assessment are now displayed within the report to improve the usability of the report.

  1. In an instance where the ‘Effectiveness of Control’ is activated in all the assessments, the report displays the relevant identification character of the respective assessment title.

7. Improved Bow Tie Risk Report

 7.1 Incorporating flex hierarchy permissions to the report

    The Bow Tie risk Report has been updated to include flex hierarchy permissions.

  1. The existing static hierarchy filters has been replaced by the new 3-tier hierarchy filter.

  2. Both the existing and new security models have been introduced within the report to filter out the content of the report, based on the view permissions applicable for the user at run-time of the report.

8. Enhancement of Risk Category filter in both standard and custom risk reports

The Risk Category filter is now modified to exhibit the relevant sub-categories of each risk category within the filter. 

  1. Both the single select and multi-select filters have been updated to improve the comprehensive usability of the filter. 

  2. The sub-categories are loaded below with the respective risk categories available within the system.Â