Version 24.3ab (Risk Management)

GRC (All Apps)

• The Help icon enable toggle switch on the Admin: Edit Roles screen is defaulted to off for all Limited User roles. This will help prevent unauthorized Limited User from contacting Resolver Support.
• Action verbs were removed from buttons within all GRC applications (e.g., create, launch, etc.).

Improvements

• The Decreasing Range section on the Indicator – RM – 2 – Overview form will appear when the indicator is in a Draft state.
• We have added two new tabs to the Risk Management application:
  • Strategy: The Strategy tab allows users to document their organizations long-term visions and priorities.
  • Objective: The Objective tab allows users to set business unit goals.
• The following tab guidance descriptions were added to the Risk – RM – 5 – Assess Risk form:
  • Inherent Risk tab
  • Residual Risk tab
  • Risk Appetite tab
  • Controls tab
  • Issues tab
  • KRI tab
  • Loss Event tab
• Tab guidance descriptions have been added to the following forms to help guide users:
  • Risk – RM – 1a – Create 
  • Risk – RM – 1 – Create
  • Risk – RM – 2 – Risk Triage
  • Risk – RM – 3 – Library
  • Risk – RM – 4 – Assign Risk Owners
  • Risk – RM – 5 – Assess Risk
• We created a new Strategy object type.
• We applied the following changes to the Objective – RM – Assessment, Objective – RM – Library, and Objective – RM – Risk Identification forms:
  • Remove the Objective Owner and Objective level fields.
  • Moved Status field under the Description field.
• We applied the following changes to the Objective – RM – Library form:
  • Added the Strategy tab
  • Added guidance description
• We applied the following changes to the Objective – RM – Assessment and Objective – RM – Risk Identification forms:
  • Split the form into 3 cards to standardize the layout
  • Added the Strategy tab
  • Added guidance description
• The Strategy reference within the Objective workflow was made a mandatory field in the Draft and Active workflow states.
• The following fields were linked to the Strategy object type:
  • Current Value
  • Start Date
  • Status
  • Target Completion Date
  • Target Value
• We created a new relationship link from Strategy to:
  • Objective
  • Indicator
  • Company (reference)
• A new form was created called Strategy – RM – Library.
• The following fields and formulas were added to the Risk object type:
  • Fields:
    • Target Likelihood
    • Target Impact
  • Formulas:
    • Target Risk Score
    • Risk Appetite
• The Risk Response Plan existing select list options were expanded to include descriptions:
  • Tolerate – I will accept the level of residual risk, no further action
  • Treat – I will reduce the level of residual risk by taking action
  • Transfer – I will reduce the level of residual risk by taking action via a third party
  • Terminate – I will reduce the level of residual risk by taking action that modifies the associated objective
  • Not Applicable – I will take no action as the controls in place are adequately managing the risk
• The following changes were applied to the Risk – RM – 5 – Assess Risk form
  • Added a new tab
  • Relabelled and moved form elements to corresponding tabs:
    • Inherent Risk
    • Controls (renamed)
    • Residual Risk
    • Risk Appetite (new)
    • Risk Response (renamed)
    • Historical Trending – added target risk and risk appetite
• Add the following to the new Risk Appetite tab
  • Fields:
    • Target Likelihood
    • Target Impact
  • Formulas:
    • Target Risk Score
    • Risk Appetite
• Added the Target Risk Score and Risk Appetite formulas to the Risk table on the following reports:
  • RM – Risk Committee Report (Objective)
  • RM – Risk Committee Report (Process)
  • RM – Risk Committee Report
  • RM – Business Unit Risk Committee Report (Objective)
  • RM – Business Unit Risk Committee Report (Process)
  • RM – Business Unit Risk Committee Report
• We have renamed three Heatmap reports:
  • From RM – Objective Risk Assessment Heat Map to RM – Objective Risk Register Prioritization Heat Map
  • From RM – Process Risk Assessment Heat Map to RM – Process Risk Register Prioritization Heat Map
  • From RM – Risk Assessment Heat Map to RM – Category Risk Register Prioritization Heat Map
• We renamed all three types of Risk Assessments to Objective Risk Register, Process Risk Register, and Category Risk Register.
• We renamed Risk Register object type to Risk Universe.
• We changed reference names on the relationship from Objective, Process, and Risk Category to Risk Universe.
• We created two new data grid reports called RM – Library Risk Matrix and RM – Library Control Matrix. These reports have not been assigned to the application.
• The following changes have been applied to the Risk – RM – 5 – Assess Risk form:
  • Hid the Contributing Factors and Incident Type tabs
  • Renamed the Issue & Actions tab to Issues
  • Renamed the Key Risk Indicators tab to KRI
  • Format is now a one column layout
  • Added a new tab called Risk Appetite
  • Reordered the Likelihood and Impact fields on the Inherent and Residual Risk tabs
• The Control – GRC – 2 – Control Self-Assessment form is now a one column layout.
• The following forms were renamed:
  • From Objective Risk Assessment – 2a – Manage Assessment to Objective Risk Register – 2a – Manage
  • From Process Risk Assessment – 2a – Manage Assessment to Process Risk Register – 2a – Manage
  • From Risk Assessment – 2a – Manage Assessment to Category Risk Register – 2a – Manage
• The x and y axes on the following Risk Management Heat Maps were flipped. The x-axis is now Likelihood and the y-axis is Impact:
  • RM – Objective Risk Assessment Heat Map
  • RM – Process Risk Assessment Heat Map
  • RM – Risk Assessment Heat Map
  • RM – Business Unit Risk Heat Map (Objective and Process)
  • RM – Company Risk Heat Map (Object and Process)
  • Risk Management: Risk Profile
• The following fields have been made mandatory on the Risk Workflow – Risk Assessment and Escalated states:
  • Inherent Likelihood
  • Inherent Impact
  • Control Effectiveness
  • Residual Likelihood
  • Residual Impact
  • Target Likelihood
  • Target Impact
  • Risk Response Plan
• The following changes were applied to the Control – GRC – 2 – Control Self-Assessment form:
  • Updated the Control Effectiveness tabs on the third and forth cards
  • Increased the title width to 100%
  • Centered aligned the select list and adjusted the width to 50%
• The following changes were applied to the Risk – RM – 1a – Create and Risk – RM – 2 – Risk Triage forms:
  • Updated the Risk Category text
  • Objective (reference) is a mandatory field on the Create & Triage workflow state
  • Bypass required fields was enabled on Submit Risk and both IT Risk triggers
• We Added the Risk Owner and Risk Delegates tabs to the top of the Risk – RM – 4 – Assign Risk Owners form.
• The following changes were applied to the Objective – Risk Assessment – 1 – Overview, Process Risk Assessment – 1 – Overview, Risk Assessment – 1 – Overview forms:
  • Added data visualization: Risk Prioritization Heat Map
• The following changes were applied to the Risk – RM – 5 – Assess Risk form:
  • Updated the Risk Details text
  • Text was added above the button section on the form
• The following changes were applied to the Risk Management Portal:
  • On the Risk Management activity, Risk Assessment was changed to Risk Register
  • On the Risk activity, My Risk View, the Assign Risk Owner state was removed
  • On the Risk activity, My Risk in Triage was renamed to My Submitted Risks
• We have added new activities (tabs) and renamed others within the Risk Management application:
  • Strategy tab (new)
  • The Identify Risk tab changed to Identify (renamed)
  • The Launch Risk Assessment tab changed to Risk Registers (renamed) 
  • The Asset & Treat tab changed to Analyze (renamed)
  • Manage tab (new)
  • The Review & Monitor tab changed to Monitor (renamed)
  • The Manage Assessment tab changed to All Risk Registers (renamed)
• We removed the Risk Team and Risk Team (standard ERM) roles from the following legacy activities:
  • Controls
  • Issues & Actions
  • Corrective Actions
  • Indicators
  • Loss Events
• The following changes were made to the Strategy activity (tab):
  • Description:
    • Added guidance description
  • Actions:
    • Strategy
    • Objective
  • Views:
    • Strategies
    • Objectives
  • Roles:
    • Risk Team
• The following changes were made to the Identify activity (tab):
  • Description:
    • Added guidance description
  • Actions: 
    • Risk – remove Create
  • Views: 
    • Risk & Control Universe:
      • Renamed from Risk & Controls Matrix
      • Changed sorting options to Property & Created On
      • Added guidance description
    • Risks to Review
      • Renamed from Risks in Triage
      • Changed sorting options to Property & Created On
      • Added guidance description
    • Delete
      • Risk Categories
      • Processes
      • Objectives
  • Roles:
    • Risk Team
    • Risk Team (Standard ERM)
• The following changes were made to the Risk Registers activity (tab):
  • Description:
    • Added guidance description
  • Actions (renamed and reordered):
    • Objective Risk Register
    • Process Risk Register
    • Category Risk Register
  • Views:
    • Objective Risk Assessment Planning:
      • Renamed to Add Risk to Register 
      • Changed sorting options to Property & Created On
    • Objective Risk Assessment Planning
      • Renamed to Add Risk to Register 
      • Changed sorting options to Property & Created On
    • Risk Assessment Planning 
      • Renamed to Add Risk to Register 
      • Changed sorting options to Property & Created On
    • Risks Requiring Assessment
      • Renamed to Assign Risk Owners
      • Changed sorting options to Property & Created On 
    • Added a new view called Assign Control Owners
  • Roles:
    • Risk Team
    • Risk Team (Standard ERM)
• The following changes were made to the Analyze activity (tab):
  • Description:
    • Added New guidance description
  • Views:
    • Objective Risk Assessments:
      • Renamed to Analyze Risk Registers 
      • Changed sorting options to Property & Created On
    • Process Risk Assessment:
      • Renamed to Progress to Analyze Risk Registers 
      • Changed sorting options to Property & Created On
    • Process Risk Assessment:
      • Renamed to Progress to Analyze Risk Register 
      • Changed sorting options to Property & Created On
    • Added a new view called Analyze Risk Registers (Grid)
    • Added a new view called Analyze Risk Registers (Grid)
    • Added a new view called Analyze Risk Registers (Grid)
    • Added a new view called All Risks
  • Roles:
    • Risk Team
    • Risk Team (Standard ERM)
• The following changes were made to the Manage activity (tab):
  • Description:
    • Added new guidance description.
  • Views:
    • Prioritize Risk Registers 
    • Prioritize Risk Registers 
    • Prioritize Risk Registers 
    • Review Risks
    • Review Controls
  • Roles:
    • Risk Team
    • Risk Team (Standard ERM)
• The following changes were made to the Monitor activity:
  • Description:
    • Added new guidance description
  • Views:
    • Key Risk Indicators
    • Loss Events
    • Issue & Action Status 
    • Issue & Action Status 
    • Issue & Action Status 
    • Monitor Risk Registers 
    • Monitor Risk Registers 
    • Monitor Risk Registers 
  • Delete:
    • Risk in Review
    • Monitor Risks
    • Escalated Risks
  • Roles:
    • Risk Team
    • Risk Team (Standard ERM)
• The following changes were made to the All-Risk Registers activity:
  • Description:
    • Added new guidance description
  • Actions:
    • Objective Risk Register
    • Process Risk Register
    • Category Risk Register
  • Views:
    • Active Objective Risk Register
    • Active Process Risk Register
    • Active Category Risk Register
    • Archived Objective Risk Register
    • Archived Process Risk Register
    • Archived Category Risk Register
  • Roles:
    • Risk Team
    • Risk Team (Standard ERM)