Note:
Some of the Risk tab and field labels are configurable; these are shown (bracketed) in the example screenshots or labelled red in the text. The following describes a fully configured Risk system; however, some features may have been disabled in your system by your Administrator.
Accessing Risk Records
To access Risk Records:
From the Main Menu, select Risk | Work with Risk Records.
Displays information about the Current Controls that are in place to reduce or remove the Risk and Other Considerations relating to controlling the Risk.
Click this icon to save the changes you make to this Risk Record.
15 ‘Delete’ icon
Click this icon to delete this Risk Record. A Confirm Delete dialog is displayed with advice that all history associated with the Risk will also be removed.
Tip: Instead of deleting the Risk, consider changing the Risk’s Record Status to ‘Inactive’ to retain the Risk history. See the ‘Risk Details’ tab for more information.
16 ‘Print Preview’ icon
Click this icon to view, and optionally print, the Risk details using the Preview Page.
Click this icon to create an archive of this Risk’s current details.
Once created, you can view the archived details via the ‘Archives’ tab (see item 8).
19 ‘Create Template’ icon
Click this icon to create a Template from the current Risk.
When you create a new Risk, the Template is displayed in the ‘Select Template’ drop-down list in the ‘New Risk’ popup window (see Figure 2 Item 1).
The Risk Details tab
Risk Details Tab elements
1 ‘Risk Details’ tab
Click this tab to display the general details for the current Risk.
2 ‘Risk Number’ field
This field displays the Risk Number for the current Risk.
3 ‘Record Status’ Selector
By default, this field is set to ‘Active’.
Tip: The ‘Inactive’ option is useful if you’re loading new Risks in preparation for a project or business process that hasn’t yet commenced, or as an alternative to deleting the Risk with the advantage of retaining the Risk history.
4 ‘Title’ field
Displays the description of the current Risk.
Note: This field is only displayed when the Risk Title is selected in the Configuration.
5 ‘Description’ field
Displays the description of the current Risk.
6 ‘Category’ Selector
Displays the Category for the current Risk. To change the Category, click the Selector and choose another Category from the drop-down list.
7 ‘Sub Category’ Selector
Displays the Sub Category for the current Risk. To change the Sub Category, click the Selector and choose another Sub Category from the drop-down list.
8 ‘Owned By’ field
Displays the Positions that have ownership of the current Risk.
9 Owner Positions Selector
Clicking this displays a list of Positions to which you can assign and remove ownership of the current Risk.
Note: At least one Owned By Position must be selected. Multiple Owners are allowed.
10 ‘Business Unit’ Selector
Displays the Business Unit for the current Risk. To change the Business Unit, click the Selector and choose another Business Unit from the drop-down list.
See Tags in the Glossary for more information about working with Tags.
12 ‘Edit Causes’ icon
Click this icon to edit the information in the ‘Causes’ field (item 14). The ‘Edit Causes’ popup window is displayed, including a text editor and Formatting Toolbar.
13 ‘Causes’ field
Displays information about what causes the Risk. Edit this field by clicking the ‘Edit Causes’ icon (item 13).
14 ‘Edit Impact’ icon
Click this icon to edit the information in the ‘Impact’ field (item 16). The ‘Edit Impact’ popup window is displayed, including a text editor and Formatting Toolbar.
15 ‘Impact’ field
Displays information about the impact of the Risk. Edit this field by clicking the ‘Edit Impact’ icon (item 15).
The Existing Controls tab
Existing Controls tab elements
1 ‘Existing Controls’ tab
Click this tab to view or edit the Current Controls and Other Considerations for the current Risk.
2 ‘Edit Positive Considerations’ icon
Click this icon to edit the information in the ‘Current Controls’ field. The ‘Edit Current Controls’ popup window is displayed, including a text editor and Formatting Toolbar.
3 ‘Current Controls’ field
Displays the current controls that are in place to reduce or eliminate the Risk. Edit the information in this field by clicking the ‘Edit Current Controls’ icon (item 2).
4 ‘Edit Negative Considerations’ icon
Click this icon to edit the information in the ‘Other Considerations’ field. The ‘Edit Other Considerations’ popup window is displayed, including a text editor and Formatting Toolbar.
5 ‘Other Considerations’ field
Displays the other considerations relating to the Risk. Edit the information in this field by clicking the ‘Edit Other Considerations’ icon (item 4).
The Assessment tab
The Assessment tab contains the:
Rating tab
Review Schedule tab
Treatment Plan tab
The Rating tab
Rating tab elements
1 ‘Assessment’ tab
Click this tab to view or edit the Risk Assessment details for the current Risk.
2 ‘Rating’ tab
Click this tab to view or edit the Rating for the current Risk.
Inherent Risk Assessment
3 Inherent ‘Likelihood’ Selector
Displays the assessed Likelihood of the Risk before controls and treatments are put in place. Click the Selector and choose a level of Likelihood from the drop-down list.
4 Inherent ‘Consequences’ Selector
Displays the assessed level of Consequence posed by the Risk before controls and treatments are put in place. Click the Selector and choose a level of Consequence from the drop-down list.
5 Inherent ‘Risk Rating’ Indicator
TriLine GRC displays the Inherent Risk Rating as a colour and label, based on the Risk Matrix settings.
6 ‘Inherent Rating Score’ Indicator
The Inherent Rating Score is the product of the score assigned to the Inherent Likelihood Rating (item 3) and the score assigned to the Inherent Consequences Rating (item 4).
Displays the assessed Likelihood of the Risk after controls and treatments are put in place. Click the Selector and choose a level of Likelihood from the drop-down list.
8 Residual ‘Consequences’ Selector
Displays the assessed level of Consequence posed by the Risk after controls and treatments are put in place. Click the Selector and choose a level of Consequence from the drop-down list.
9 Residual ‘Risk Rating’ Indicator
TriLine GRC displays the Residual Risk Rating as a colour and label, based on the Risk Matrix settings.
10 ‘Residual Rating Score’ Indicator
The Residual Rating Score is the product of the score assigned to the Residual Likelihood Rating (item 7) and the score assigned to the Residual Consequences Rating (item 8).
Click this icon to see definitions for each of the ‘Likelihood’ Ratings that you can choose in the ‘Inherent Likelihood’ Selector (item 3) and the ‘Residual Likelihood’ Selector (item 7).
The ‘Likelihood’ definitions are configurable by an Administrator—select Risk | Likelihood from the Main Menu.
12 ‘Consequences’ Definitions icon
Click this icon to see definitions for each of the ‘Consequences’ Ratings that you can choose in the ‘Inherent Consequences’ Selector (item 4) and the ‘Residual Consequences’ Selector (item 8).
The ‘Consequences’ definitions are configurable by an Administrator—select Risk | Consequences from the Main Menu.
Note: The Risk Matrix can only be viewed from this icon. To modify the Risk Matrix, choose Risk | Matrix from the Main Menu.
Risk Controls Assessment
14 ‘Adequacy’ Selector
Displays the assessed Adequacy of the Controls implemented to reduce or eliminate the Risk. Click the Selector and choose an Adequacy Rating from the drop-down list.
15 ‘Management’ Selector
Displays the assessed Management effectiveness of the Controls implemented to reduce or eliminate the Risk. Click the Selector and choose a Management Rating from the drop-down list.
16 ‘Adequacy’ Definitions icon
Click this icon to see definitions for each of the ‘Adequacy’ Ratings that you can choose in the ‘Adequacy’ Selector (item 14).
The ‘Adequacy’ definitions are configurable by the Administrator—select Risk | Adequacy from the Main Menu.
17 ‘Management’ Definitions icon
Click this icon to see definitions for each of the ‘Management’ Ratings that you can choose in the ‘Management’ Selector (item 15).
The ‘Management’ definitions are configurable by the Administrator—select Risk | Management from the Main Menu.
Other Risk Assessment (Rating) fields
18 ‘Risk Appetite’ field
Use the counter to manually set your organisation’s Risk Appetite for the current Risk.
The Risk Score displayed here depends on the customisable formula used to calculate the Risk Score. By default, the calculation is ‘Residual Likelihood’ × ‘Residual Consequences’, but you could also include either or both ‘Adequacy’ and ‘Management’ in the formula for a more refined Risk Score.
Click this icon to see a Risk Score History Chart for the current Risk.
Other Risk Controls elements
21 Risk Score ‘Formula’
This is the Risk Score Formula your Administrator has configured for your TriLine GRC system.
22 ‘Capital Allocation’ field
Use this field to set the amount of money—either as a percentage of total capital or as a fixed value—used to mitigate the risk.
23 ‘Status’ Selector
Click the Selector and choose a term from the drop-down list that reflects the overall Status of the Risk.
By default, your options are: ‘Decreasing’, ‘Emerging’, ‘Static’ and ‘Increasing’. These terms can be edited, removed and new terms added by the Administrator via Risk | Status on the Main Menu.
24 Risk Score Graphs
These Risk Score Graphs will display depending on your Risk configuration settings.
25 ‘Last Updated’ Indicator
Displays the date on which the current Risk details were last updated.
26 ‘Show Assessment History’ icon
Click this icon to view the Assessment History for the current Risk. The History record for each Date shows the PRIOR values, not the values changed to on that Date (i.e. it’s a lagging history record).
Note: The ‘Show Assessment History’ icon is only displayed when there is an Assessment history to view.
The Review Schedule tab
Depending on the severity and importance of the Risk, a review schedule cycle is established to prompt the allocated Position to review the Risk, and re-assess the Assessment, Controls and Risk Score.
A Review Task is a Task allocated to a Position that assesses the Residual Assessment, Residual Controls, Risk Appetite and Risk Treatments (if applicable).
The Inherent Risk, Residual Risk and Risk Appetite will determine how often the organisation needs to review a Risk. The higher or more volatile the Risk, the more frequently the Risk will need to be reviewed.
Use the Review Schedule tab to specify the Review Schedule.
The Review Schedule tab
Assessment Review Schedule tab elements
1 ‘Assessment’ tab
Click this tab to view or edit the Risk Assessment details for the current Risk.
2 ‘Review Schedule’ tab
Click this tab to view or edit the Review Schedule for the current Risk.
3 ‘Date Calculation’ options
Choose between: specifying a date or the last working day; or specifying a day of the week (e.g. 2nd Tuesday).
Selecting ‘Specific date or Last working day’ displays the ‘Last Working Day’ checkbox as shown in item 7.
Selecting ‘Specific day of the week’ displays specific day controls (see below) in place of the ‘Last Working Day’ checkbox (item 7).
4 ‘Frequency’ fields
Use these fields to set how often the Risk Review should be performed (e.g. every 3 months).
A (Scheduled) date field is now displayed to the right of the ‘Next Due’ field. This field displays the actual date that a Task will be generated.
Normally, the ‘Next Due’ and ‘Scheduled’ dates will be the same, but when the ‘Next Due’ date falls on a non-working day (e.g. weekend or public holiday) the ‘Scheduled’ date is set to the preceding working day.
The ‘Last Working Day’ checkbox is displayed if the ‘Specific date or Last working day’ option is selected in item 3.
If ‘Specific day of week’ is selected in item 3, then specific day controls (see below) are displayed instead.
8 ‘1st Reminder’ field
Displays the number of days before the Risk Review due date that the Review Task will be generated and ‘Actioned By’ Positions notified.
9 ‘2nd Reminder’ field
For Review Tasks with a long lead time (i.e. 1st Reminder is set to a high number of days), set a lower number of days in the ‘2nd Reminder’ field so that TriLine GRC sends an additional email to ‘Actioned By’ Positions before the due date.
Tip: Set this field to zero if you don’t want a 2nd Reminder sent for this Review Task.
10 ‘Escalate To’ Selector
Click the Selector and choose a Position from the drop-down list. TriLine GRC notifies this Position if the Review Task is not completed by the due date.
11 ‘Actioned By’ Selector
Click the Selector and choose a Position from the drop-down list. This Position is responsible for reporting the Review task as completed in TriLine GRC and will receive an email from TriLine GRC when the Review Task is generated.
12 Mandatory Attachment checkbox
Tick this checkbox if an attachment must be included as part of the Risk Review. With this option selected, the ‘Actioned By’ Position cannot complete the Review Task without attaching supporting documents.
13 ‘Show Risk Review History’ icon
Click this icon to view the Review History for the current Risk.
Note: This icon is only displayed if there is a Review History for the current Risk.
The Treatment Plan tab
Treatment Plan tab elements
1 ‘Assessment’ tab
Click this tab to view or edit the Risk Assessment details for the current Risk.
2 ‘Treatment Plan’ tab
Click this tab to specify the type of Treatment for the current Risk.
3 ‘Risk Avoidance’ checkbox
Tick this checkbox if your organisation will not pursue the activity that involves the Risk.
4 ‘Risk Reduction’ checkbox
Tick this checkbox if your organisation has procedures and policies in place to reduce the Risk.
5 ‘Risk Transfer’ checkbox
Tick this checkbox if the Risk is transferred to a third party.
6 ‘Mitigation of Consequences’ checkbox
Tick this checkbox if your organisation has a strategy or plan to mitigate the consequences of the Risk.
7 ‘Risk Acceptance’ checkbox
Tick this checkbox if your organisation accepts the Risk as-is.
Risk Treatments are Tasks that have been identified as opportunities to mitigate the risk further. Treatments can be classified as different Types. By default, these Types are:
Corrective: Task to mitigate the impact of the risk.
Detective: Task to indicate the occurrence of the risk.
Preventative: Task to mitigate the cause of the risk.
Note: These values may have been changed on your system by an Administrator.
The ‘Treatments’ tab
‘Treatments’ tab elements
1 ‘Treatments’ tab
Click this tab to manage the Treatments for the current Risk.
Use the controls in the Column Headers to filter the Records in the Treatments List (item 4).
4 Treatments List
Displays the Treatments associated with the current Risk.
Click a Treatment in the list to open the Treatment for editing.
5 ‘Clear Filters’ icon
Click this icon to clear any filters applied in the Column Headers (item 3).
6 ‘Delete’ icon
Click this icon to delete the associated Treatment Record. A ‘Confirm Delete’ dialog is displayed.
7 ‘Transfer treatment’ icon
Click this icon to transfer the associated Treatment to another Risk Record.
8 ‘Copy Treatment’ icon
Click this icon to make a copy of the selected Treatment. The ‘Copy Task’ popup window is displayed—this window has the same layout and functionality as the ‘New Task’ popup window (see Adding a Risk Treatment).
9 ‘View Treatment History’ icon
Click this icon to view the History for the related Risk Treatment.
Note: This icon is only displayed if the Treatment has been previously completed.
10 ‘Hide/Show Columns’ icon
Click this icon to hide or show Treatment List columns using the Field Chooser.
11 ‘New Treatment’ icon
Click this icon to add a new Treatment for the current Risk. The ‘New Task’ popup window is displayed (see Adding a Risk Treatment).
12 ‘Show Advanced Filter’ icon
Click this icon to find particular Treatment Records using the Filter Builder.
13 ‘Reset grid’ icon
Click this icon to reset the columns in the grid to a default state.
The Notes tab
Use this tab to record any Notes relevant to this Risk.
The Notes tab
Notes tab elements
1 ‘Notes’ tab
Click this tab to record any Notes relevant to this Risk.
2 ‘Add Note’ icon
Click this icon to add a new Note. The ‘Add Note’ popup window is displayed. Note: This icon only displays if you have ‘Edit’ security access.
Use the controls in the Column Headers to filter the Notes in the list.
4 Notes list
Each Note in the list consists of two parts: the top part is the Note itself, and the bottom part (shaded) displays the Name of the person who created the Note plus a date of when the Note was created.
5 ‘Edit Note’ icon
Click this icon to Edit a Note. The ‘Edit Note’ popup window is displayed. Note: This icon only displays if you have ‘Edit’ security access.
6 ‘Delete Note’ icon
Click this icon to Delete a Note. A ‘Confirm Delete’ dialog is displayed to remind you that deleting this Record will result in loss of data. Note: This icon only displays if you have ‘Edit’ security access.
The Occurrence tab
The Occurrence tab contains the:
Contingency tab
Operation in Event tab
Actions tab
The Contingency tab
Contingency tab elements
1 ‘Occurrence’ tab
Click this tab to describe the Contingency Plan, Operation in Event and an Action Plan in the event that the Risk occurs.
2 ‘Contingency’ tab
Click this tab to describe the Contingency Plan in the event that this Risk occurs.
3 Contingency Details field
Displays the Contingency Plan(s) to be performed when an Event for the current Risk occurs.
4 ‘Edit’ icon
Click this icon to edit the Contingency Plan details.
A Text Editor is displayed, including a Formatting Toolbar that you can use to format your text, add lists, hyperlinks, simple tables, and more.
The Operation in Event tab
The Occurrence (Operation in Event) tab
Operation in Event tab elements
1 ‘Occurrence’ tab
Click this tab to describe the Contingency Plan, Operation in Event and an Action Plan in the event that the Risk occurs.
2 ‘Operation in Event’ tab
Click this tab to view or specify the Business Continuity Processes (BCP) to be performed when an Event for the current Risk occurs.
3 ‘Operation in Event Details’ field
Displays the Business Continuity Processes (BCP) to be performed when an Event for the current Risk occurs.
4 ‘Edit’ icon
Click this icon to edit the Operation in Event details.
A Text Editor is displayed, including a Formatting Toolbar that you can use to format your text, add lists, hyperlinks, simple tables, and more.
The Actions tab
Actions tab elements
1 ‘Occurrence’ tab
Click this tab to describe the Contingency Plan, Operation in Event and an Action Plan in the event that the Risk occurs.
2 ‘Actions’ tab
Click this tab to view or edit the list of Actions to be performed when an Event for the current Risk occurs.
Use the controls in the Column Headers to filter the Records in the Action List (item 5).
5 ‘Action’ List
Click an Action in the list to open the Action for editing.
6 ‘New Action’ icon
Click this icon to add a new Action for the current Risk. The ‘New Action’ popup window is displayed (see Adding an (Occurrence) Action).
Each Action is assigned a Severity level so that the appropriate Actions are performed according to the severity of the Event. The Severity levels available to you are: ‘Minor’, ‘Moderate’, ‘Major’ and ‘Extreme’.
7 ‘Show Advanced Filter’ icon
Click this icon to find particular Action Records using the Filter Builder.
8 ‘Reset grid’ icon
Click this icon to reset the columns in the grid to a default state.
9 ‘Delete’ icon
Click this icon to delete the associated Action Record. A ‘Confirm Delete’ dialog is displayed.
The ‘Archives’ tab
The Archives tab contains a list of dates when the Risk has been archived. See ‘Viewing Record Archives’ in the topic ‘Archive Records’ for more information.
The ‘Archives’ tab
‘Archives’ tab elements
1 ‘Archives’ tab
Click this tab to view the Archives for the current Risk.
Use the controls in the Column Headers to filter the Records in the Archive List (item 4).
4 Archive List
Displays the Archives associated with the current Risk.
Click an Archive in the list to open and view the Archive details.
Note: You cannot edit Archive Records.
5 ‘Archive’ icon
Click this icon to create an archive of the Risk’s current details.
The Links tab
The Links tab displays all linked records to this Risk.
Records that can be linked from this Risk include Compliance, Contracts, Control Inventory and Documents. These modules’ tabs are permanently displayed on the Links tab.
KRIs, (Events) and Registers Records must be linked from that module to this Risk. These modules’ tabs are only displayed if a Record is linked to this Risk.
Can be linked from this Risk tabs
Use these tabs to view, add or remove links from Compliance Process, Contracts, Control Inventory and Documents Records, to this Risk.
The Can be linked from this Risk tabs
Can be linked from this Risk tab elements
1 ‘Links’ tab
Click this tab to manage the linked Records for the current Risk.
2 Module tab
Click one of these always visible tabs to manage the linked Records of that module, for the current Risk.
3 Record Selector
Click this Selector and choose a Record from the drop-down list to link to the current Risk.
4 ‘Link Record’ icon
Once you have selected a Record (item 3), click this icon to link the Record to the current Risk. The Record is displayed in the List (item 6).
Use these controls to navigate between pages of the Compliance List (item 6) and to specify the number of Compliance Records displayed per-page.
6 Record List
Displays the list of Records linked to the current Risk.
Click a Record in the list to open that Record.
7 ‘Unlink Record’ icon
Click a Record’s ‘Unlink’ icon to unlink the Record from the current Risk. The Record is no longer displayed in the Record List (item 6).
Must be linked to this Risk tabs
KRI, Event and Registers tabs will only display if a record from this module is linked to this Risk. For example, KRIs can only be linked from the KRI’s page.
The Must be linked to this Risk tab
Must be linked to this Risk tab elements
1 ‘Links’ tab
Click this tab to manage the linked Records for the current Risk.
2 Module tab
Click one of these tabs, if it is displayed, to view that module’s Records linked to this Risk.
Use the controls in the Column Headers to filter the Records in the List (item 5).
5 Record List
Displays the Records associated with the current Risk.
Click a Record in the list to open that Record.
Note: The KRI tab will show a ‘Show KRI History’ icon for those KRIs with completed Tasks. Click this icon to view the selected KRI’s History.
6 ‘Hide/Show Columns’ icon
Click this icon to hide or show the List columns using the Field Chooser.
The ‘Custom Fields’ tab
Use this tab to update Risk Custom Fields defined by your Administrator.
Note: This tab will not appear if Custom Fields have not been defined for Risks. The Custom Fields displayed on your Risks will differ from the examples shown here.
The ‘Custom Fields’ tab
‘Custom Fields’ tab elements
1 ‘Custom Fields’ tab
Click this tab to view and fill-in Custom Fields for the current Risk.
Note: The ‘Custom Fields’ tab is only displayed if one or more Custom Fields have been created for Risks (see Risk Custom Fields).
2 Custom Field
The ‘Custom Fields’ tab displays any Custom Fields that have been created for Risks. These fields may vary in type; for example, drop-down lists (as in Figure 17 above), text fields, check boxes and more.
3 ‘Custom Field Information’ icon
Click a Custom Field’s Information icon to view help for filling in the field.
The ‘Risk Hierarchy’ tab
Create a Risk Hierarchy using the ‘Risk Hierarchy’ tab. The Risk Hierarchy is created by linking Risks together in your required structure. A Risk can belong to many different Hierarchies.
Risks at the top of the Hierarchy are at Level 0 (zero). These Risks do not have a Level 0 Risks tab.
The current Risk is at Level 1 (one). The Parent Risks to this current Risk appear on the Level 0 Risks tab. The Child Risks to this current Risk appear on the Level 2 Risks tab.
Risks at the bottom of the Hierarchy will have no Risks listed on the Level 2 Risks tab and Parent Risks listed on the Level 0 Risks tab.
Risks not part of a Hierarchy will have no Risks listed on the Level 2 Risks tab and no Level 0 Risks tab displayed at all.
See ‘Risk Hierarchy’ in the topic ‘TriLine GRC and Risk’ for more information.
The ‘Risk Hierarchy’ tab
‘Risk Hierarchy’ tab elements
1 ‘Risk Hierarchy’ tab
Click this tab to manage linked Hierarchical Risks for the current Risk.
2 ‘Level 0 Risks’ tab
Click this tab to view the Risks linked as parents to the current Risk.
This tab does not display when the Risk is at the top of the Hierarchy.
This tab does not display when the Risk is not part of a Hierarchy.
3 ‘Level 2 Risks’ tab
Click this tab to manage the Risks linked as children to the current Risk.
If Risks are displayed in the list, this Risk is part of a Hierarchy; otherwise it is not, but it can be added to one.
4 Risk Record Selector
Click this Selector and choose a Risk from the drop-down list to link as a Hierarchical Risk.
5 ‘Link Risk’ icon
Click this icon to link the Risk selected in item 4 to the current Risk. The linked Risk is displayed in the Risk Hierarchy List (item 8).
Use the controls in the Column Headers to filter the Records in the Risk Hierarchy List (item 8).
8 Risk Hierarchy List
Displays the Hierarchical Risks currently linked to the current Risk.
9 ‘Unlink Risk’ icon
Click this icon to unlink the associated Risk from the current Risk. The unlinked Risk is no longer displayed in the list (item 8).
10 ‘Risk Score Summary’ Panel
This panel is displayed to the right of the Risk Hierarchy List (item 8) when the current Risk has two or more linked Hierarchical Risks at the selected Level.
The Risk Score Summary shows:
The number of Risks,
The highest and lowest Risk Scores,
The Median Risk Score, and
The Average Risk Score for the Risks displayed in the list.
The ‘Security’ tab
Edit rights to this Risk Record are required to see the ‘Security’ tab.
Displays the Record Security Groups and options for assigning Record Security Rights.
3 Record Security Rights options
For each Security Group, assign a Record Security Rights option: ‘Edit’, ‘View’ or ‘Not Used’.
4 ‘Show Security Group Members’ icon
Click this icon to display the Security Group Members List (item 5).
5 Security Group Members List
When you click the ‘Show Security Group Members’ icon (item 4), this list displays the Positions who are members of the related Security Group.
Notes:
Positions in the ‘Administrators’ Security Group are automatically assigned ‘Edit’ Rights.
Positions in the ‘Super Users’ Security Group are automatically assigned ‘View’ Rights.
If a user is a member of multiple Security Groups with conflicting Security Rights, the higher level of access is granted.
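The rights rules in the Notes above, worked through as an added Python example (not TriLine GRC code): it resolves each Position's effective right on one Risk Record and lists the Positions for whom a ‘View’ or ‘Not Used’ setting is overridden by membership of another group. The group names other than ‘Administrators’ and ‘Super Users’, the Position names and the sample data are constructed, and treating an automatic right as a floor under the option chosen on the record is an assumption.

```python
from enum import IntEnum


class Right(IntEnum):
    """Record Security Rights options, ordered so max() picks the higher access."""
    NOT_USED = 0
    VIEW = 1
    EDIT = 2


# Automatic rights stated in the Notes above.
AUTOMATIC = {"Administrators": Right.EDIT, "Super Users": Right.VIEW}


def group_right(group, record_rights):
    """Right that one Security Group contributes on this record.

    Assumption: an automatic right is a floor under the option set on the record.
    """
    assigned = record_rights.get(group, Right.NOT_USED)
    return max(assigned, AUTOMATIC.get(group, Right.NOT_USED))


def effective_rights(record_rights, memberships):
    """Map each Position to (effective right, groups that grant that right)."""
    groups = set(record_rights) | (set(AUTOMATIC) & set(memberships))
    result = {}
    for group in sorted(groups):
        right = group_right(group, record_rights)
        for position in memberships.get(group, ()):
            best, sources = result.get(position, (Right.NOT_USED, []))
            if right > best:
                # Conflicting rights: the higher level of access is granted.
                result[position] = (right, [group])
            elif right == best:
                result[position] = (best, sources + [group])
    return result


def overridden_restrictions(record_rights, memberships):
    """Positions whose effective right exceeds the option set for one of their groups.

    Each finding is (position, group, option set on that group,
    effective right, groups granting the effective right).
    """
    effective = effective_rights(record_rights, memberships)
    findings = []
    for group, assigned in sorted(record_rights.items()):
        for position in sorted(memberships.get(group, ())):
            right, sources = effective[position]
            if right > group_right(group, record_rights):
                findings.append(
                    (position, group, assigned.name, right.name, sources)
                )
    return findings


# Constructed sample data for one Risk Record.
RECORD_RIGHTS = {
    "Finance Team": Right.VIEW,
    "Risk Managers": Right.EDIT,
    "Contractors": Right.NOT_USED,
    "Super Users": Right.NOT_USED,
}
MEMBERSHIPS = {
    "Administrators": {"IT Manager"},
    "Super Users": {"Internal Auditor"},
    "Finance Team": {"CFO", "Accounts Officer"},
    "Risk Managers": {"CFO", "Risk Officer"},
    "Contractors": {"External Consultant", "Accounts Officer"},
}

if __name__ == "__main__":
    for position, (right, sources) in sorted(
        effective_rights(RECORD_RIGHTS, MEMBERSHIPS).items()
    ):
        print(f"{position:20} {right.name:9} via {', '.join(sources)}")
    for finding in overridden_restrictions(RECORD_RIGHTS, MEMBERSHIPS):
        print("overridden:", finding)
```

Reviewing the overridden list before saving a record shows where a restrictive option on one group has no effect because the same Position also sits in a group with higher access.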
The ‘History’ tab
View the record of this Risk’s updates and Task completion history within the audit days period.
Procedures
Accessing the Risk Records
To access Risk Records:
From the Main Menu, select Risk | Work with Risk Records.
Or, from the ‘Risks’ page, click on a Risk record in the list to open the ‘Risk’ page. Click the New icon.
The ‘New’ icon
The ‘New Risk’ popup window opens. Complete the Risk details in the popup window (see New Risk window elements for details on each field).
The ‘New Risk’ popup window
Click the ‘Save’ icon (item 18) to complete adding the new Risk record. The Risk page will display with this new record. Clicking the cancel icon (item 19) will close the ‘New Risk’ window without saving the record.
The ‘New Risk’ popup window
1 ‘Show Help’ icon
Click this icon to display basic information about working with the New Risks Page.
2 ‘Select Template’ drop-down list
Choose a Risk Template from the drop-down list.
The fields on the popup window are filled with the information from the Template.
3 ‘Clear Template Selection’ icon
Click this icon to clear the selected Template (see item 1) and clear any populated Template information from affected fields.
4 ‘Risk Number’ field
Type the Risk Number in this field.
You can type any combination of letters and numbers, but you should establish and follow a numbering convention, such as RSKnnnnn or similar.
5 ‘Record Status’ field
By default, this field is set to Active.
Tip: If you’re loading new Risks in preparation for a project or business process that hasn’t yet commenced, you can set this field to ‘Inactive’. The Risk Record won’t be included in your TriLine GRC activities until you set the Record Status to ‘Active’.
6 ‘Title’ field
Type a brief description of the Risk in this field.
Note: The Risk Title field will only appear if it is configured to appear (highly recommended for viewing and reporting purposes).
7 ‘Description’ field
Type a description of the Risk in this field.
8 ‘Category’ Selector
Select a Risk Category from the drop-down list.
9 ‘Sub Category’ Selector
Select a Sub Category from the drop-down list.
10 ‘Owned By’ field
Any Positions displayed in this field are Owners of the Risk.
A Risk Owner is ultimately responsible for ensuring that the Risk is managed. This includes reviewing the Risk at appropriate intervals.
11 ‘Position’ Selector
This Selector displays a list of Positions that can be assigned Ownership of the Risk.
Select one or more Positions in the Selector for those Positions to appear in the ‘Owned By’ field (see item 10).
12 ‘Business Unit’ Selector
Click the Selector and choose a Business Unit from the drop-down list.
13 ‘Risk Status’ Selector
Click the Selector and choose a Risk Status from the drop-down list.
14 Record Security field
Use this field to set the Record Security Rights for each Record Security Group in the list.
15 Record Security Rights options
Select the appropriate Record Security Rights option for the desired Record Security Group.
16 ‘Show Members’ icon
Click this icon to view the current members of the selected Security Group.
The Security Group Members List is displayed (see item 17).
17 Security Group Members List
This list is displayed when you click the ‘Show Members’ icon (see item 16) for a particular Security Group in the Record Security field (see item 14).
18 ‘Save’ icon
Click this icon to save the new Risk. The Risk Page is displayed so that you can continue to edit other aspects of the Risk.
19 ‘Close’ icon
Click this icon to close the popup window without saving the new Risk.
In the Risks List, click the Risk that you want to add an Occurrence Action to.
The Risk Page is displayed for the current Risk.
On the Risk Page, click the ‘Occurrence’ tab.
The ‘Occurrence’ tab details are displayed.
On the ‘Occurrence’ tab, click the ‘Actions’ tab.
The ‘Actions’ tab details are displayed.
On the ‘Actions’ tab, click the ‘New Action’ icon on the Occurrence (Actions) tab (see Figure 12 Item 6).
The ‘New Action’ popup window is displayed.
The ‘New Action’ popup window
‘New Action’ popup window elements
1 Risk details
Displays the details of the current Risk.
2 ‘Severity’ Selector
Click this Selector and choose a Severity Level from the drop-down list.
Each Action is assigned a Severity level so that the appropriate Actions are performed according to the severity of the Event. The Severity levels available to you are: ‘Minor’, ‘Moderate’, ‘Major’ and ‘Extreme’.
3 Action Details Pane
Type the details of the Action in this pane. See ‘Text Editor’ and ‘Formatting Toolbar’ in the Glossary for more information about working with the Action Details Pane.
4 ‘Save’ icon
Click this icon to save the new Action. The Action is displayed in the Action List on the Occurrence (Actions) tab (see Figure 12 Item 5).
5 ‘Close’ icon
Click this icon to close the popup window without saving the new Action.
Viewing or Editing an Occurrence Action
Note:
The Risk-related term ‘Occurrence’ is configurable and may be different on your system.
View or Edit an Occurrence Action from the Risk Page:
In the Risks List, click the Risk containing the Occurrence Action that you want to view or edit.
The Risk Page is displayed for the current Risk.
On the Risk Page, click the ‘Occurrence’ tab.
The ‘Occurrence’ tab details are displayed.
On the ‘Occurrence’ tab, click the ‘Actions’ tab.
The ‘Actions’ tab details are displayed.
On the ‘Actions’ tab, click the desired Action in the Action List (see Figure 12 Item 5).
The ‘Edit Action’ popup window is displayed.
The ‘Edit Action’ popup window
‘Edit Action’ popup window elements
1 Risk details
Displays the details of the current Risk.
2 ‘Severity’ Selector
Click this Selector and choose a Severity Level from the drop-down list.
Each Action is assigned a Severity level so that the appropriate Actions are performed according to the severity of the Event. The Severity levels available to you are: ‘Minor’, ‘Moderate’, ‘Major’ and ‘Extreme’.
3 Action Details Pane
Edit the details of the Action in this pane. See ‘Text Editor’ and ‘Formatting Toolbar’ in the Glossary for more information about working with the Action Details Pane.
4 ‘Save’ icon
Click this icon to save any changes you’ve made to the Action.
5 ‘Close’ icon
Click this icon to close the popup window without saving your changes.
Completing a Risk Review
When you complete a Risk Review, there are additional things you must do beyond reporting the date completed, by whom, adding comments and attaching supporting documentation. You must also:
check any KRI Tasks linked to the Risk Review,
check any Events that have been submitted during the review period,
review the Risk Score History Chart, and
update the Risk Assessment criteria, taking into account relevant information from linked KRIs, Events and Risk Score History.
You report the completion of a Risk Review by clicking the ‘Complete Task’ icon associated with a Risk Review Task on your ‘My Tasks’ Page:
Click this tab to view the Risk Score History Chart. Use the information displayed in the Chart, together with any linked KRI and Event information, to help you complete the Risk Review.
8 Page Help icon
Click this icon to display basic information for working with the popup window.
9 ‘Complete Task’ icon
Click this icon to record the Risk Review as complete.
10 ‘Task Not Completed’ icon
Click this icon if you want to record the Risk Review as ‘Not Completed’. See the ‘Task Not Completed’ icon entry in the Glossary for information.
Note:
The ability to mark a Task as ‘Not Completed’ is optional and must be enabled in the configuration settings. As a result, this icon may not be displayed in your TriLine GRC system.
11 ‘Close’ icon
Click this icon to close the popup window without completing the Risk Review.
The Complete Risk Review (Details) tab
The fields you need to complete in the Details tab of the Complete Risk Review popup window include:
the Actioned On field (see Figure 29 item 3),
the Actioned By selector (see Figure 29 item 4), and
the Comments field (see Figure 29 item 6).
The Complete Risk Review (Details) tab
Complete Risk Review (Details) tab elements
1 ‘Details’ tab
Click this tab to complete general details about the Risk Review.
2 Risk Review Responsibility details
Displays the Positions who are the Risk Owner(s) and who the Risk Review has been allocated to.
3 ‘Actioned On’ fields
These fields include a Date Selector, a Task due date label and a Task Frequency label.
The Date Selector displays the current date when the popup window is displayed. To specify a different date, either type the date directly in the field using the displayed date format, or click the arrow to the right of the field to choose a date using the Date/Time Selector.
4 ‘Actioned By’ Selector
By default, this Selector displays the Position to whom the Risk Review Task is allocated. To select a different ‘Actioned By’ Position, click the Selector and choose a different Position from the drop-down list.
5 ‘Add Comment’ icon
Click this icon to add a comment related to completing the Risk Review. A Text Editor with Formatting Toolbar is displayed.
Note:
For Risk Reviews, a comment is mandatory—a Risk Review cannot be completed until a comment has been included.
6 ‘Comments’ field
Lists the comments that have been added for this Risk Review. Click on a Comment to view the details.
The Complete Risk Review (Assessment) tab
The Assessment tab is where you update the Risk Assessment details as part of the Risk Review.
When updating these Assessment details, make sure you take relevant information from the linked KRIs, linked Events and the Risk Score History Chart into account.
The Assessment tab components on the ‘Complete Risk Review’ page are the same as those on the ‘Assessment (Rating)’ tab of the Risk Page. See ‘The Assessment (Rating) tab’ for information about the related fields and controls.
The Complete Risk Review (Attachments) tab
Supporting documents
You may be required to include supporting documents as part of completing a Risk Review. Attach supporting documents via the Attachments tab.
Clicking the Attachments tab displays the list of attached documents and controls for attaching/removing documents related to completing the Risk Review.
See ‘Attachments’ in the Glossary for information on managing Attachments.
The Complete Risk Review (KRI) tab
If there are KRIs linked to the Risk under review, these are displayed in the KRI tab.
Note:
The ‘KRI’ tab is only displayed if there are KRIs linked to the Risk under review.
The Complete Risk Review (KRI) tab
Complete Risk Review (KRI) tab elements
1 ‘KRI’ tab
Click the ‘KRI’ tab to view any KRIs that are linked to the Risk.
2 Date Range filters
Set the Date Range filters to include any KRIs that fall within the Risk Review period.
Note: The Date Range should default to the Risk Review period automatically.
3 Date Range Refresh icon
Click this icon after setting the Date Range filters to update the list of KRIs (item 6).
Use the controls in the column headers to filter the Event Records.
6 KRI List
Click an Event in the list to view its details.
7 ‘Hide/Show Columns’ icon
Click this icon to hide or show columns in the Event List using the Field Chooser.
8 ‘Show Advanced Filter’ icon
Click this icon to filter the Event Records using the Filter Builder.
The Complete Risk Review (History) tab
You can examine the Risk Score History Chart by clicking the History tab.
Notes:
The ‘History’ tab is only displayed if a Risk Score has previously been recorded for the Risk under review.
The term ‘Risk Score’ is customisable and may be different on your system.
The Complete Risk Review (History) tab
Complete Risk Review (History) tab elements
1 ‘History’ tab
Click the ‘History’ tab to view the Risk Score History for the Risk under review.
2 Date Range filters
Set the Date Range filters to include any Risk Score History within the Risk Review period.
Note: The Date Range should default to the Risk Review period automatically.
3 Preview icon
Click this icon after setting the Date Range filters to update the chart.
4 Chart Detail Guide
As you move your mouse cursor over the chart, the Guide follows your mouse movement, and the Chart Detail Panel (item 5) displays information about the chart element in contact with the guide.
5 Chart Detail Panel
This Panel displays information about chart elements as your mouse cursor and the Chart Detail Guide (item 4) move over them.
Transferring a Risk Review
Note:
You can only transfer a Risk Review that appears in the ‘Current Tasks’ List on your ‘My Tasks’ Page. TriLine GRC will continue to generate future iterations of the Risk Review Task into your ‘Current Tasks’ List.
Transfer a Risk Review to another Position via your ‘My Tasks’ page:
From the Main Menu, select ‘My Tasks’.
The ‘My Tasks’ Page is displayed.
On the ‘My Tasks’ Page, click the ‘Current Tasks’ tab.
The Current Tasks List is displayed.
In the Current Tasks List, locate the Risk Review Task that you want to transfer.
Each column in the Risk Aggregation by Category list can be sorted in ascending and descending order. For example, if you wished to see the Risks with the highest maximums at the top of the list, click the Maximum column (1) label once to get ascending order. Click the Maximum column (1) label a second time to get descending order:
Aggregation by Category sorted by Maximum descending
Filtering Risk Aggregation by Category
Each column in the Risk Aggregation by Category list can be filtered. For example, if you wished to see only Categories with a Maximum greater than 8, first click in the column heading cell (1) and type ‘8’. Next, click the filter icon (2) to display the filter options. Select ‘Is greater than’ (3). The records will be filtered (4):
The ‘Complete Risk Treatments’ popup window is displayed (see Figure 22).
Complete the details in the popup window.
Click the ‘Complete Task’ icon (Figure 22 item 13) to record the Treatment Task as complete.
Note:
Depending on your system settings, a ‘Task Not Completed’ icon may also be displayed. See ‘Task Not Completed’ icon in the Glossary for more information.