Camms.Risk Controls Management - August 2024
Camms is pleased to bring you the Quarterly Product Update Notification for the Camms.Risk Controls Capability.
This quarter we've got exciting enhancements to improve your user experience within the system, which will be available in your Test environment on 13th July 2024 and will be available in your Live environment on 3rd August 2024.
1. Introducing a new Control review process along with auto-populating the control next review date |
---|
This enhancement will introduce a Control Review process for Controls. With this enhancement, users will have the ability to review the controls in the Control Register, as well as the controls in the Risk and Compliance Control Grids.
How do you configure this?
Navigate to Control Settings > Control Review.
In the Control Review tab, activate the Control review process in the system by toggling "Enable Control Review".
Once the toggle is on, the Review frequency table and other review control buttons will appear in the Control Review tab.
From the Review frequency table, add Review frequency options using the “Add new” button. Edit and Delete functionalities are also provided to maintain the Review frequency options in the table as preferred.
The “Next review date based on” option is mandatory and must be selected. The Next review date of the Controls will be determined and populated based on the selected “Next review date based on” option.
If necessary, a default control review frequency can be set from the “Set a default frequency value” dropdown. If a default frequency is set, the “review frequency” field within the Control records will display this selected default value.
Once the above configurations are complete, navigate to the Field configuration area to configure the newly introduced “Review frequency” and “Last Reviewed By” fields so they can be displayed in the Control records, Control Register, and Control Grids of Risk and Compliance.
Please note that if any of the fields “Review frequency”, “Last Reviewed By”, “Last Review Date”, and “Next Review Date” is marked as Unique, the other three fields will also automatically be marked as Unique. If any of them are unmarked or kept as Common, the other three fields will also be unmarked or kept as Common.
How does it work?
Once the setting is enabled, the Control review process will be activated for Control Register, Risk Controls, and Compliance Controls.
Therefore, the Control owner/authorizer can review a control record and complete the review process by clicking the “Complete Review” button on the control details page.
Once the "Complete Review" button is pressed, the Last review date, Next review date, and Last reviewed by fields will be populated accordingly.
Last Review Date will display the date when the Control owner/authorizer pressed the “Complete Review” button.
Next review date will be populated based on the Review frequency value specified in the control details.
Last reviewed by field will show the user who completed the review.
Coming Next:
Currently, the following scenarios are under development and will be communicated in a future release:
Introducing a new set of permissions for controls: Edit Review Frequency, Edit Next Review Date, Edit Last Review Date.
Introducing new email snippets for Controls: "Review frequency" and "Control next review date".
2.Enhancing the Secondary Responsible Officer experience to view all Controls linked to the risks |
---|
This feature has already been released. For more details, please refer to the link https://camms.atlassian.net/wiki/spaces/CD/pages/603553800/Camms.Risk+Product+Update+Release+Notification#1.-View-all-linked-to-my-risks-permission-within-controls-to-consider-the-risk-Secondary-Responsible-Officer
3. Control Name List snippet to trigger for Control Next Review Date (Control Owner Bulk Email Update) |
---|
This will be an enhancement made to the Control Email notifications, allowing the user to configure the Control notifications to trigger when the Control Next Review Date is nearby or has passed.
How do you configure this?
Navigate to Control Settings > Notification Configurations.
From Notification Configurations, navigate to Notifications Templates area.
From the Notification templates area, create the email template as you prefer by adding the “Control name list” snippet inside the email body.
After creating the email template, navigate to the Notifications area found on the Notification Configurations settings page.
Set up the email configurations as preferred using the newly created email template.
How does it work?
Once the above configurations are saved, the email recipient(s) will be able to receive an email with the Controls list in bulk, indicating those with a Control Next Review Date that is nearby or has passed.
4. Enhancing the Control node permission for existing risk standard roles (for Flex Hierarchy only) |
---|
As the Risk Administrator, this modification allows you to govern risk control permissions for existing risk standard roles, enhancing their current user role permissions.
This will only be available for organisations with a flexible hierarchy.
How do you configure this?
All the existing risk standard roles are listed in the Risk settings > Standard Roles area as shown below, allowing administrators to grant special permissions to these standard roles.
The control node will now govern the permissions selected in the risk standard role’s permission hierarchy for the respective standard roles.
You can grant any of these control permissions to the respective standard role by checking the desired options and saving them in the respective permission hierarchy.
How does this work?
The entire control node will be Ticked by default for the Risk Responsible Officer and Secondary Responsible Officer, as they have been previously granted full risk control permissions.
Example: From the risk standard roles, we have given all the control node permissions except the delete permission for the Risk Responsible Officer.
When logged into the system as a Risk Responsible Officer and checking the relevant risk's control grid, all options (add, history, select from control library) are enabled for the user, except for the delete option, which has not been granted to the Risk Responsible Officer.
If we grant the delete permission to the Risk Responsible Officer and check the same grid again, the delete option will now be available for the user.
Similarly, all the control node permissions will work for all the existing risk standard roles.
5. Enhancing the Control Summary Report to support User based Control View Permissions |
---|
This modification enhances the Control Summary Report to support user-based Control View Permissions. This would ensure that the Control View Permissions applied through the Role Management > Control Permissions section are applied within the Control Summary Report.
How does this work?
The report can be accessed through Camms.Risk > Reports > Control Summary Report.
Any Register View Permissions applied through Camms.Risk > Hamburger Menu > Administration > Role Managment > Control Permissions, would be applied to this Report and its Filter Page.
Note: Apart from the consideration of Control View Permissions, no other modifications will be made to the report's content.