Risk Administration
Overview
This is the workbook where a risk administrator manages risk definitions, risk versions and categories.
Settings
On this page, it is possible to adjust the risk taxonomy and categorization used in your organization. As an example, you can change the risk types used by your organization, the likelihood and impact-categories and description, currencies used, etc.
All the subpages follow the same logic for editing, adding and removing rows. To change the text or description in a category, double-click the relevant cell. To or remove a field, right click in the row as shown on the picture below.
In the subpage "User interface", it is possible to govern which fields are mandatory to fill out when pressing "Create New Risk" and "Add Treatment Plan". Fields marked in grey are mandatory as a system requirement.
Versions
On this page, version status is governed. In this context, a version is a time-stamped version of your risk register, used to be able to track risk development over time. Whenever you want to create a new version, you should first check if all current risks have been submitted for approval. This is important in order to make sure the current risk review process is finished, and is necessary to create reports that have risk development over time.
When a new version is created, the risk review process is restarted. All previously submitted risks are "unflagged" and sent back to the risk owners for a new risk review.
When creating a new version, give the version a name that reflects the time period it is for (e.g. Q3 2021, June 2021, etc.). It is possible to change the names of previous versions by double-clicking the relevant cell and changing the text. The column for "Active" versions will always highlight the most recent iteration of the risk register as being active.
Category setup
On this page, the categories used by your organization can be adjusted. It is also possible to select which categories should be enabled for use or not. As an example you can make it possible to enter risks only at a subcategory (child)-level of a parent category by checking the individual categories.