Version 25.2ab (Risk Management)

Last Modified on 11/06/2025 2:55 pm EST

Improvements

Risk Management

  • The Contributing Factor object type was renamed to Root Cause throughout the Risk Management application.
  • Configured role visibility in relationship tables in the Risk Management Base App by adding role owners and removing the description columns in various tables, improving user visibility into assigned owners without excessive navigation.
  • Enhanced reports by updating Heat Maps and Risk Metrics formatting and creating assessment progress status reports using the new Due Date and Review by Date fields. 
  • Added a user notification for Risk Registers, reminding users that a Risk Register is nearing its due date.
  • Workflow names and transitions were updated to simplify the naming convention, making them more intuitive.
    • The following Workflow names were changed on the Category Risk Register, Process Risk Register, and Objective Risk Register Workflows:
      • Changed Define Scope of a Risk Register to Define Scope
        • Changed All Owners Assigned – Send to Risk & Control Owners to Send to Risk Owners
        • Changed Start Risk Register to Start
      • Changed Risk Register in Progress to In Progress
        • Changed Complete Risk Register to Complete
      • Changed Monitor Risk Register to Monitor
        • Changed Reassess Risk Register to Reassess
    • The following Workflow names were changed on the Risk Register – Risk Category, Risk Register – Risk Sub Category, Process Risk Register – Process, Process Risk Register – Sub Process, and Object Risk Register – Objective Workflows:
      • Changed In Scope for Risk Register to Define Scope
      • Changed Risk Register in Progress to In Progress
      • Changed Risk Register in Monitor to Monitoring
      • Changed Archived Risk Registe to Archived
    • The following change was made on the Risk Register - Risk and Control Self-Assessment Workflow (Risk & Compliance) Workflows:
      • Removed icons from all triggers
  • The following enhancements were applied to Risk Management forms: 
    • The button layout has been realigned on the following forms:
      • On the Control Self-Assessment Workflow (Risk & Compliance), the Create trigger was changed to blue on the following forms:
        • Category Risk Register – 1 – Overview
        • Object Risk Register – 1 Overview
        • Process Risk Register – 1 – Overview
        • Control – GRC – 2 -Control Self-Assessment 
      • On the Loss Event Workflow, the Archive trigger was change to Grey on the following forms:
        • Corrective Action – Create
        • Corrective Action = Edit
        • Corrective Action – GRC – Overview
        • Issue – Create
        • Issue – GRC – Overview
        • Level 1 Business Line – IRM – Create/Edit
        • Level 1 Loss Event Type – IRM – Create/Edit
        • Level 2 Business Line – IRM – Create/Edit
        • Level 2 Loss Event Type – IRM – Create/Edit
        • Loss Event – RM – 1b – Create/Draft (Risk Team)
        • Loss Event – RM – 3 – Risk Event Overview (Light)
      • On the Risk Universe Reference Workflow, the Create and Active triggers were changed to blue on the following forms:
        • Objective – Create
        • Objective – Edit
        • Objective – RM – Assessment
        • Objective – RM – Library
        • Policy – GRC – Create
        • Policy – GRC – Overview – Policy Reviewer
        • Process – Create
        • Process – RM – Risk Register
        • Process Library – RM – Create
        • Risk – RM – 1a – Create (Risk Team)
        • Risk – RM – 1b – Create (Risk Owner)
        • Risk – RM – 2 – Risk Triage
        • Risk – RM – 5b – Assess Risk (Standard ERM)
        • Risk – RM – 5c – Assess Risk (Step-by-Step)
        • Risk Sub Category – RM – Risk Register
        • Risk Universe Reference – Library 
      • On the Strategy Workflow, the Create trigger was changed to blue and the Archive trigger was changed to light grey on the Strategy – RM – Library form.
      • On the Company Status Workflow, the Create trigger was changed to blue on the following forms:
        • Sub Process – RM – Risk Register
        • Business Unit – GRC – Overview
        • Company – GRC – Overview
    • Removed the Reference table connected to Strategy from the following forms:
      • Objective – RM – Assessment
      • Objective – RM – Library
      • Objective – RM – Risk Identification
      • Added missing formulas to the Trending & Analysis section and added the Target Risk Score and Risk Appetite fields to the following forms:
        • Risk – RM – 3 – Library
        • Risk – RM – 4 – Assign Risk Owners
        • Risk – RM – 5a – Assess Risk
    • Moved the Risk Assessment matrices onto a single row on the Risk – RM – 5a – Access Risk form.
  • Improve Risk Management form consistency by applying internal design standards to Risk Management forms:
    • The following forms were deleted from the Risk Management app:
      • Object – RM – Library_COPY
      • Z(legacy) Risk – RM – 5 – Assess Risk
      • Risk Category – RM – Risk Identification
        • Role Permissions
          • Risk Team & Risk Team (Standard ERM)
            • Risk Register – Risk Category Workflow
              • Creation
                • Default Form = Risk Category – Create
      • Process – RM – Risk Identification
        • Role Permissions
          • Process Risk Register – Process Workflow
            • Creation
              • Default form = Process – Create
      • Objective – RM – Risk Identification
        • Role Permissions
          • Risk Team & Risk Team (Standard ERM)
            • Objective Risk Register – Objective Workflow
              • Creation
                • Default Form = Objective – Create
    • The Name property was removed, and Title Object Name was made editable on the following forms:
      • Controls – GRC – Report (Palette)
      • Issue – Manage Issue (Palette)
      • Objective – Edit
      • Objective -RM – Assessment
      • Objective – RM – Library
      • Objective – RM – Risk Identification
      • Objective Risk Register – 2 – First Line Overview
      • Objective Risk Register – 2 – Frist Line Overview
      • Strategy – RM – Library
    • Changed the form Name on the following forms
      • Changed the Risk – RM – 1 – Create (Risk Owner) form to Risk – RM – 1b – Create (Risk Owner)
      • Changed the RISK – RM – 5 – Assess Risk form to Risk – RM – 5a – Assess Risk
      • Change the Risk – RM – 5a – Standard ERM form to Risk – RM – 5b – Assess Risk (Standard ERM)
      • Changed the Risk – RM – 5d – Assess Risk (Step-by-Step) to Risk – RM – 5c – Assess Risk (Step-by-Step)
      • Changed the Risk – RM – 5b – Risk Profile Report (Repeatable Form Part 1) to Risk – RM – 6a – Risk Profile Report (Repeatable Form Part 1)
      • Changed the Risk – RM – 5b.i – Risk Profile Report (Repeatable Form Part 1 – Standard ERM) to Risk – RM – 6b – Risk Profile Report (Repeatable Form Part 1 – Standard ERM)
      • Changed the Risk – RM – 5c – Risk Profile Report (Repeatable Form Part 2) to Risk – RM – 7 – Risk Profile Report (Repeatable Form Part 2)
    • Updated the default form for the Issue Object Type to the Issue – GRC – Overview form for the following roles:
      • Risk Champion
      • Risk Delegate
      • Risk Management Administrator
      • Risk Owner
      • Risk Team
    • The following Risk Universe Object Type elements were updated:
      • Updated Data Definition Names for Risk and Control Matrices Data Grids
      • Removed unused Data Definitions
      • Renamed the following forms:
        • Risk Universe – RM – Library (Nav)
        • Risk Universe – RM – Review
  • The following enhancements were applied to the Library Application View:
    • Strategy
      • Created the Strategy activity in the Library application
        • Added the create Strategy Object Type action
        • Added the Strategy Library view
          • Created the Strategy Object Type
            • Edited the Workflow to transition from create to action
            • Deleted the Draft state
          • Created the Strategy Library Object Type Group
          • Created a relationship from Strategy Library to Strategy
          • Created the Data Definitions Strategy Library, Strategy, Objective, Risk, and Control
          • Created the Strategy Library – Navigation form
          • Created the Strategy – RM – Overview form
          • Added the Strategy Library permissions to the Risk Team
            • Added the Strategy – RM – Overview form as the default form
        • Added the Strategy View
        • Added the Risk Team role
      • Objective
        • Deleted the Risk and Control Matrix by Object view
        • Added the Objective Library view
          • Created the Objective Library Object Type
            • Edited the Workflow to transition from create to action
            • Deleted the Draft state
          • Created the Objective Library Object Type Group
          • Created the relationship form Objective Library to Objective
          • Created the Data Definition Object Library, Objective, Risk, and Control
          • Created the Objective Library – Navigation form
          • Added the Objective Library permission to the Risk Team
      • Process
        • Changed the navigation form on the Process Library view
          • Created the Data Definitions Process Library, Process (Continuity Strategy, Plan, Risk, and Control), Control, Sub Process (Risk, and Control), and Control
          • Created the Process Library – GRC – Library (navigation) form
      • Risks
        • Deleted the Risk and Control Matrix view
        • Created the Risk Universe – RM – Library inc Controls (Navigation) form
          • Added the Risk Universe – RM – Library inc Controls form to the Risk Library view
  • All Risk Management Reports and Dashboard activities were consolidated into one activity called Reports under the Risk Management Application.
  • Cleaned up application formatting by ensuring that all forms, reports, and application names are using sentence case and renamed all risk assessment elements to risk register.
  • Improved assessment and Data Management by creating new Data Definitions, renaming the Risk Assessment relationship to Risk Category and updating the Business Unit to use the Risk Category relationship, Add the Due Date and Reviewed On fields to assessments and link data to the Home screen, and move Assessment Data Grids from views to forms.
  • Improved the Indicator Workflow by removing ineffective scheduled triggers and updating date fields to transition from Overdue to Monitoring and record the last update, using the appropriate date fields.    
  • Improved the Risk Management user experiences, ensuring that Risks are created with no orphans, submission and review workflows are easy to follow, Risk are easily identified in the library list, due date reminders are issued to users, consistent terminology is used across all forms and reports, and strategy and objective due dates are visible on the Home screen.
  • Enhanced Risk Reporting and Dashboard functionality by fixing inconsistencies with report labels aligning them with Risk Register objectives, added missing Risk Owner parameter to first line reports, updated the data in the Risk Matrices by removing Design Effectiveness, Operating Effectiveness, Inherent Risk Score, and Residual Risk and added Target Impact Target Likelihood, and Risk Appetite to the RM – Risk and Control Matrix Data Grid (Process Risk Register) matrix.
  • Updated the Risk Management Dashboards to include the new issue state, improve filters, integrate Risk Appetite and Target Matrices with drill-down capabilities.
  • Fixed minor issues with the sample data.

All Applications

  • Application Data import files were updated to match the Risk Management Data Import file (unless otherwise stated), creating an integrated story across the GRC suite of applications.
  • Created two new dashboard views to include all GRC application data, allowing users to view all GRC data in one place.
    • GRC Executive Dashboard
    • GRC Management Dashboard
  • Applied changes to form design across all GRC applications to ensure that all forms follow a consistent standard, creating a better user experience. 
  • Enabled View Latest Update on the following forms:
    • Requirement - CM - 1a - Library (New/Updated Requirement): Automatically enable the view latest updates toggle when opening this form
    • Requirement - CM - 2 - Risk Assessment
    • Requirement - CM - 1 - Library
    • Requirement Detail - Library
    • Requirement Detail - Library (New/Updated Requirement)
    • Requirement Detail - New/Updated Requirement
    • Control - GRC - 2 - Control Self-Assessment
    • Risk - RM - 5a - Assess Risk
    • Risk - RM - 5c - Assess Risk (Step by Step)
    • Internal Audit Project - 3 - Fieldwork, Reporting, Complete and Archive
    • Internal Audit Project - 2- Planning Memo
    • Process - IA - Process Overview
    • Risk - IA - Risk Overview
    • Control - IA - Testing Working Paper
    • Test - IA - Testing Working Paper
    • IC - Financial Statement Account Overview
    • IC - Financial Statement Sub Account Overview
    • Process - IC - 1 - Process Overview
    • Process - IC - 2 - Process Owner Overview
    • Sub Process - IC - Overview
    • Control - IC - 2a - Control Walkthrough and Testing
    • Request - IA & IC - 1 - Auditor
    • Policy - GRC - Overview - Policy Reviewer
    • Citation - IT Compliance - 3 - Internal Assessment
    • Control - IT Risk & Compliance - 3 - Assessment
    • Control - GRC - 1 - Library
    • Control - GRC - Report (Pallet)
    • Control - IA - Audit Client Overview
    • Control - IA - Document Requests (Pallet)
    • Control - IC - 2b - Document Requests (Pallet)
    • Control - IC - 3 - Control Owner Overview
    • Control - IC - 5 - External Auditor Overview
    • Control - IT Risk & Compliance - 2 - IT Control Owner Assignment
    • Issue - GRC - Overview
      • Corrective Action - GRC - Overview
Copyright © 2022 – 2023 Your Company, LLC. All rights reserved.