Applies to: Risk Assessment Platform
Release version 1.8 - effective 20 January 2021
Changelog
- Removed term "Sub-Assessment" and replaced with "Assessment Unit"
- Assessment Unit Enhancements
-
- Centralised Controls Assessment for each Assessment Unit
- Controls are now assessed once per Assessment Unit as a separate Controls Assessment step, instead of per Risk Factor.
- Added ability to link Controls to Risk Factors, if desired for reporting purposes.
- Control Effectiveness is now calculated for each control and control category, instead of per Risk Factor.
- Residual Risk Rating is now calculated per Assessment Unit, instead of per Risk Factor.
- Note: Existing Assessment Unit data has been converted to fit the new approach and may result in a different residual risk rating due to new calculation rules.
- Override Inherent Risk Ratings and Control Ratings, for users with override permissions.
- Comments are required when overriding ratings.
- Ratings that can be overridden:
- Inherent Risk ratings for risk indicators and risk factors;
- Control Effectiveness ratings for controls.
- Workflow and notification improvements:
- The Workflow Summary tab now includes Controls.
- Added a tab for Controls Workflow to the Workflow window.
- Added options for up to 3 approvers per risk factor or control. The default is 1 approver.
- Added Workflow Notification emails, that are sent when:
- A risk or control is assigned to you for approval
- A risk or control is rejected or reopened and is back with you
- Added Workflow Daily Reminder emails that list all your outstanding working. They are sent if you have:
- Reopened/rejected risks or controls assigned to you
- Risks or controls awaiting your approval
- Workflow Notifications can be turned on/off in Settings > Notification Management.
- User interface and navigation improvements, including a navigation panel for the Inherent Risk Questionnaire tab. New button added at the top right of the page hide/show the panel.
- Added options to descope individual control metrics when creating a new assessment unit. Only metrics with "N/A" in the Methodology > Control Effectiveness Matrix can be descoped.
- The "Key Findings" section in risk factors is now the "Actions" section.
- Added new fields to the Risk Indicator section: Comments and Attachments
- The Comments field in Risk Factors and Controls supports 5000 characters, up from 500.
- Added columns to the Risk Model CSV export: Weightings, Answers and Answer Ratings.
- Centralised Controls Assessment for each Assessment Unit
-
- Enhanced Methodology Setup and Maintenance
-
- Added ability to customise the rating scales for Inherent Risk, Residual Risk, Country Risk
- Added ability to customise the rounding threshold used in Risk and Control rating calculations, which determines when the rating should round down instead of up.
E.g. If tolerance is 0.1 (or 10%) and IRR result is between 3 and 3.1 then rating used will be 3-High; otherwise, if IRR result is >= 3.1 and <4.1 then rating = 4-Very High - Added ability to customise the Control Assessment metrics:
- Add/remove/relabel the metrics (e.g. Fit for Purpose, Operating Effectively etc)
- Add/remove/relabel the metric groups (e.g. Design, Performance)
- Add/remove/relabel the metric ratings (e.g. Yes, No, N/A)
- Added the ability to exclude control metrics when creating the Assessment Unit, if they have the "N/A" rating as an option in the Control Effectiveness Matrix.
- Added ability to change the description fields for published methodologies.
-
- Added CSV Exports at the Assessment Level
-
- Heatmap of Inherent Risk, Control Effectiveness and Residual ratings across Assessment Units
- Heatmap of Risk Indicator Ratings across Assessment Units
- Heatmap of Control Ratings across Assessment Units
- Heatmap of Risk Group/Category Ratings across Assessment Units
- Heatmap of Control Category Ratings across Assessment Units
- Risk Factors and Indicators for all Assessment Units
- Controls and Test Results for all Assessment Units
- Controls and Linked Risk Factors for all Assessment Units
- Risk and Control Actions for all Assessment Units
-
- Enhancements to Word Reports
-
- Added a Methodology Overview section
- Improved charts and added rating tables
- Added Risk Indicator, Control Ratings and Comments to the Assessment Unit appendices
- Added a Rating Overrides section to the Assessment Unit appendices
- Added Risk Group and Control Category Heatmaps to the Assessment appendices
- Assessments with more than 10 Assessment Units have bar Assessment Unit bar charts on Report screen suppressed and Assessment Unit Rating tables in Overall Findings section of word report suppressed (only appear in appendix).
- Added ability to define the display order of Assessment Units in the Assessment Report output using the Weighting popup accessed from the Assessment Report window.
-
- Other Enhancements
-
- New Application Role Permissions
- Added global role "Client" with view-only permissions to assessments and assessment units.
- Added permissions to hide/show fields at the Assessment level, and Assessment Unit level for the Risk Factor and Controls Assessment pages.
- Added rating override permissions for risk factors and controls
- Decoupled some permissions to allow more granular control
- The "Risk Treatment" section in Risk Analysis pages is now hidden by default. Can be enabled in Application Role Management.
- Added data table functions: sorting, filtering, resizing, reordering, and keyword searching.
- The “Show Archived” checkbox has been moved to the Status column filter settings and disabled by default. To see archived data select "Archived" in the table's Status filter.
- Improved the Assessment History and Assessment Unit History pages
- Added "..." function beside each assessment in the Assessment History page, and each assessment unit in the Assessment Unit History page, to contain the action buttons.
- Added a "Weight" column to the Assessment Unit History page, showing the weight of each assessment unit. To adjust weights, click the column header.
- Changed the Context page in the Assessment and Assessment Unit to be optional, even when publishing.
- Added columns to the Risk Model CSV export: Weightings, Answers and Answer Ratings.
- Added support for Unicode (UTF-8) input for multi-language data capture/reporting outputs.
- Various bug fixes, performance improvements, security enhancements.
- New Application Role Permissions
-
Comments
0 comments
Please sign in to leave a comment.