
Overview


ZenGRC provides a risk management workflow that automatically triggers the ability to create tasks between certain risk statuses. These tasks are pre-filled with information from customized templates maintained by your organization. These tasks can be used as follows:

  • To gather feedback and promote awareness between risk stakeholders.
  • To describe the work that needs to be done for the appropriate assignee.
  • Or, they can simply be canceled without creating the task.

IMPORTANT

Risk objects follow a different status setup from other ZenGRC objects. Statuses can be reviewed at Risk Management Statuses.

How Tasks Are Triggered in Your Workflow


The following outlines when and how tasks are displayed in the risk workflow:

  • The actionable drop-down that triggers a new task is located below the risk name on the details page and only displays when the risk is in the following statuses:
    • Assessed
    • Remediate
    • In Remediation


  • All risk object owners can transfer statuses through the actionable drop-down, but only owners in “Administrator” roles will receive the task pop-up, as they are the only ones who can create/delegate tasks.
  • A new task displays immediately after a status in the drop-down is selected.
  • When a risk is in an Assessed status and a new status is selected, the following occurs (even if you cancel the task that displays):
    • Accept transfers the risk from Assessed to Accepting.
    • Avoid transfers the risk from Assessed to Avoiding.
    • Transfer transfers the risk from Assessed to Transferring.
    • Remediate transfers the risk from Assessed to In remediation.
  • When a risk is in an In remediation status and a new status is selected, the following occurs (even if you cancel the task that displays):
    • Accept transfers the risk from In remediation to Accepting.
    • Avoid transfers the risk from In remediation to Avoiding.
    • Transfer transfers the risk from In remediation to Transferring.
  • Task details are automatically populated from the template that corresponds to the status selected.
  • A task can be cancelled and not created without interrupting the workflow.
  • Risk statuses can be updated at any time using the Status drop-down in the top right.

The following graphic displays a green dot between the statuses when the tasks display. A larger version of the workflow with all risk statuses is at Risk Management Statuses.

Task Templates


Templates can populate the following six fields in a task:

  • Title
  • Description
  • Assignees
  • Reviewers
  • Verifiers
  • Related object. This is a locked field that automatically maps the task to the active risk.

Using Variables

The template Title and Description fields can hold variables, which automatically insert information from the risk into the task.

The three variables are:

  • %object_title% - Used to populate the risk title into the title of the task.
  • %object_description% - Used to populate the risk's description into the task.
  • %object% - Used only in the Related Object field. It is a direct link to the risk being transferred to the new status and cannot be deleted.

Setting up the Task Templates


The task templates contain text and variables determined by ZenGRC experts. However, the templates can be altered to suit your organization's needs.

To review or alter templates, complete the following steps:

  1. Click Settings | Risk Settings.
  2. Select the Tasks tab.



  3. The Accept - Task Template is listed first. Scroll to see additional templates. The below screenshot outlines variables in red. The variables pull associated risk information into the task.



  4. If there are personnel who always review tasks at a certain stage, add them to the Assignees, Reviewers, or Verifiers fields. The fields can be altered when the task is generated.
  5. Select Notify Assignee if the user in the Assignee field should be emailed when the task is saved. This only functions if you have instant notifications activated.
  6. Click Save at the bottom of the page. This saves the changes to all templates.

Following the Risk Workflow


ZenGRC provides a suggested workflow using statuses that can be viewed at Risk Management Statuses.

This workflow begins with Draft and Identified statuses. When a risk is in an Identified status, the following workflow can then be followed:

  1. Click the Assess button below the risk name.


  2. The status is changed to Under Assessment and the risk scoring tab opens for you to score the risk.
  3. Select risk options and click Calculate.


  4. Once the scoring is calculated, click Complete Assessment under the risk name. This activates the drop-down selections that trigger task creation and branches the workflow.
  5. Select a status in the drop-down:

    • If Accept is selected, a new task displays and is populated with information from the Accept - Task Template. Note how the risk name populates in the Title field where the variable was placed in the template.



    • If Transfer is selected, a new task displays and is populated with information from the Transfer - Task Template.
    • If Avoid is selected, a new task displays and is populated with information from the Avoid - Task Template.
    • If Remediate is selected, a new task displays and is populated with information from the Remediate - Task Template.
  6. Alter the task as needed and click Save.
  7. The newly created task now displays in the Mapped Objects tab.
  8. Alternatively, click Cancel to close the dialog without creating the task. Or click Save & Add Another to create additional tasks. If you decide to cancel the task, the risk will still be transferred to the new status.