Articles in this section

See more

FAQ: How to hide risk ratings from assignees?

Gloria Wan
  • Updated
Follow

Applies to: Risk Assessment Platform

Applies to: Company Admin Users

Question

  • Can we hide inherent and residual risk ratings from assignees?
  • How to prevent assignees from seeing risk ratings?
  • Can risk ratings be hidden from completers?
  • Can we restrict access to risk ratings for assessment assignees?
  • How to disable visibility of inherent and residual risk ratings?

A reason why you may want to hide the inherent and residual risk ratings for assignees may be to prevent bias, ensuring they provide an objective assessment rather than aligning their responses to predefined ratings.

Answer

To restrict a user’s access to seeing risk ratings, you must create a custom role with limited permissions.

  • Go to Settings () > User Access Controls > Application Role
  • In the Company Tab click Add New Role
    • Enter a name and description (optional) for the new role
  • Select the appropriate checkboxes to define the user’s permissions

To restrict view for risk ratings, ensure these relevant fields in these categories are unchecked:

Assessment:

  • View Residual Risk Column

Assessment Unit:

  • View Risk Calculation

Assessment Unit - Controls Assessment:

  • View Control Test Question Rating Colour
  • View Control Rating Metrics
  • View Control Effectiveness
  • View Control Test Results

Assessment Unit - Risk Analysis:

  • View Risk Indicator Rating Colour
  • View Inherent Risk Rating
  • View Control Effectiveness Rating
  • View Residual Risk Rating

Note: Any modification to the roles are automatically saved and ready to use.

Tip: If you want the user to have the same permissions as the Global Standard (EU) role but without access to risk ratings, open the GLOBAL tab in a separate browser while creating the custom role. Then, replicate the permissions of Standard (EU), but ensuring the fields which allows users to view ratings remain unchecked.

When the new role has been finalised, assign the new role to the user.

  • Go to Settings () > User Access Controls > User Security
  • Press the Edit button (Button-Edit.png) to edit the user's role

Note: User roles accumulate, meaning permissions from multiple roles are combined. If you’ve created a role that hides risk ratings, make sure you’re not also assigning a role that allows access - this could unintentionally override the restriction.

Related articles

Comments

0 comments

Please sign in to leave a comment.