Once a policy has been updated by the policy owner, it is then moved to the Review state and assigned to a member of the Risk Team user group. Once the policy has been reviewed, it can either be archived or sent back to the policy owner at the time of the next review cycle. All policies in need of review will appear on the My Tasks page.
To review a policy:
Log into a user that's been added to the Risk Team user group to display the My Tasks page.
Click a Policy in the Review state to open the Policy Review form.
In the Policy Details section:
Edit the name and description of the policy in the Policy Name and Description fields.
Begin typing keywords in the Business Unit field to display a list of options, then click to select an appropriate unit.
Edit the version number of the policy in the Version field.
Remove or add additional users to the Policy Owner and Policy Reviewer fields as needed.
Select new review and due dates in the Next Review Date and Due Date fields.
- Optional: In the Policy Narrative section:
Drag files to the Supporting Attachments section to add them to the policy. You can also click in the boxes below Supporting Attachments to browse for files on your machine, or to enter a URL link.
If you do not attach any supporting documentation to the policy, document the body of the policy in the Policy Narrative field.
It is best practice for the policy owner to edit this section. The policy reviewer has access to it only in the event that they have changes to make in addition to what has already been done.
In the Review Comments section, enter any comments you have about the policy in the Policy Reviewer Comments section.
Select one of the following options:
Send Back to Owner: Moves the policy back into an Under Revision workflow state and sends it to the policy owner to make further updates
Complete Review: Moves the policy back into an Active workflow state.