

Overview


ZenGRC provides a risk management workflow that automatically prompts you to create tasks when a risk moves between certain statuses. The tasks are pre-filled with information from customized templates maintained by your organization. These tasks can be used as follows:

  • To gather feedback and promote awareness between risk stakeholders.
  • To describe the work that needs to be done for the appropriate assignee.
  • Or, they can simply be canceled without creating the task.

IMPORTANT

Risk objects follow a different status setup from other ZenGRC objects. Statuses can be reviewed at Risk Management Statuses.

How Tasks Are Triggered in Your Workflow


The following outlines when and how tasks are displayed in the risk workflow:

  • The actionable drop-down that triggers a new task is located below the risk name on the details page and only displays when the risk is in one of the following statuses:
    • Assessed
    • Remediate
    • In Remediation


  • All risk owners can transfer statuses through the actionable drop-down, but only administrators receive the task pop-up since only they can create/delegate tasks.
  • A new task displays immediately after a status in the actionable drop-down is selected.
  • When a risk is in an Assessed status and a new status is selected, the following occurs (even if you cancel the task that displays):
    • Accept transfers the risk to Accepting.
    • Avoid transfers the risk to Avoiding.
    • Transfer transfers the risk to Transferring.
    • Remediate transfers the risk to In Remediation.
  • When a risk is in an In Remediation status and a new status is selected, the following occurs (even if you cancel the task that displays):
    • Accept transfers the risk to Accepting.
    • Avoid transfers the risk to Avoiding.
    • Transfer transfers the risk to Transferring.
  • Task details are automatically populated from the templates.
  • A task can be cancelled without interrupting the workflow.
  • Risk statuses can be updated at any time using the Status drop-down in the top right.

The following graphic displays a green dot between the statuses where tasks display. A larger version of the workflow with all risk statuses is at Risk Management Statuses.

Task Templates


Templates can populate the following six fields in a task:

  • Title
  • Description
  • Assignees
  • Reviewers
  • Verifiers
  • Related object. This is a locked field that automatically maps the task to the active risk.

Using Variables

The template Title and Description fields can hold variables, which automatically insert information from the risk into the task.

The three variables are:

  • %object_title% - Used to populate the risk title into the title of the task.
  • %object_description% - Used to populate the risk's description into the task.
  • %object% - Used only in the Related Object field. It is a direct link to the risk being transferred to the new status and cannot be deleted.

Setting up the Task Templates


The task templates contain text and variables determined by ZenGRC experts. However, the templates can be altered to suit your organization's needs.

To review or alter templates, complete the following steps:

  1. Click Settings | Risk Settings.
  2. Select the Tasks tab.



  3. The Accept - Task Template is listed first. Scroll to see additional templates. The below screenshot outlines variables in red. The variables pull associated risk information into the task.



  4. If there are personnel who always review tasks at a certain stage, add them to the Assignees, Reviewers, or Verifiers fields. The fields can be altered when the task is generated.
  5. Select Notify Assignee if the user in the Assignee field should be emailed when the task is saved. This only functions if you have instant notifications activated.
  6. Click Save at the bottom of the page. This saves the changes to all templates.

Following the Risk Workflow


ZenGRC provides a suggested workflow using statuses that can be viewed at Risk Management Statuses.

This workflow begins with Draft and Identified statuses. When a risk is in an Identified status, the following workflow can then be followed:

  1. Click the Assess button below the risk name.


  2. The status is changed to Under Assessment and the risk scoring tab opens for you to score the risk.
  3. Select risk options and click Calculate.


  4. Once the scoring is calculated, click Complete Assessment under the risk name. This activates the drop-down selections that trigger task creation and branch the workflow.
  5. Select a status in the drop-down:

    • If Accept is selected, a new task displays and is populated with information from the Accept - Task Template. Note how the risk name populates in the Title field where the variable was placed in the template.



    • If Transfer is selected, a new task displays and is populated with information from the Transfer - Task Template.
    • If Avoid is selected, a new task displays and is populated with information from the Avoid - Task Template.
    • If Remediate is selected, a new task displays and is populated with information from the Remediate - Task Template.
  6. Alter the task as needed and click Save.
  7. The newly created task now displays in the Mapped Objects tab.
  8. Alternatively, click Cancel to close the dialog without creating the task. Or click Save & Add Another to create additional tasks. If you decide to cancel the task, the risk will still be transferred to the new status.

