In addition to tasks and requests, assessments provide a workflow that is enhanced with notifications of assignments due. This documentation focuses on status definitions, workflow, and the user fields that prompt email upon status change.
User Assignment Fields
There are three fields utilized in the workflow of assessments, two of which receive email notifications. To be available for selection, users must be in an Editor, Contributor, or Administrator role.
The screenshot above highlights the assignment fields in red, and are defined as follows:
Creator
This auto-populates with the person creating the item.
This is a required field.
If assessments are imported, the person conducting the import is assigned to this field.
If assessments are generated during audit creation, the person creating the audit is assigned to this field.
The creator is never notified when there is a status change and does not participate in the workflow.
Assessor
Person responsible for concluding whether the control is effective.
This is a required field.
Has read and write access but no delete privileges.
Verifier
User who reviews and accepts or rejects the assessor's judgment.
If there are multiple verifiers, only one need approve the item.
This is an optional field.
Has read and write access but no delete privileges.
Statuses
Assessments can have two or three statuses depending on your business need.
Open
Initial status when an assessment is created and assigned.
It is also the status if the verifier declines the decision of the assessor.
Submitted
Status after the assessor completes the assessment and the item has a verifier.
If there is no verifier, this status is skipped.
Completed
Status after a verifier accepts the decision of the assessor.
Status when the assessor completes assessment and there are no verifiers.
Statuses, Users, and Notifications
The following chart displays the workflow of items through the different statuses, as well as who receives an email at each point.
ZenGRC has an automated workflow that moves an item's status from state to state as normal activities occur. This table displays what takes place with statuses and email notifications as users complete their assigned assessments. The user(s) in the role indicated by the yellow "yes" box are those who receive email notifications as a result of the specified actions.
Instant Email Notifications During Normal Workflow Activities
Action
From Status
To Status
Assessor
Verifier
Notes
Create
n/a
Open
y
n
Instant notifications only occur when items are created manually and the "Notify Assignee" is selected. When assessments are automatically generated during audit creation or when they are imported, notifications don't go out until the "Start Date."
Complete Assessment
Open
Submitted
n
y
If there are other assignees on the item, they are not notified that the item is submitted. The item will be removed from all assignees' To-Do Lists and will not display in the daily summary email.
Decline Assessment
Submitted
Open
y
n
If one reviewer rejects the item, it is immediately reset to Open and all assignees receive an instant email of an assigned item.
Verify Assessment
Submitted
Completed
n
n
No one is notified on final completion.
NOTE
Instant notifications need to be enabled for the "Notify Assignee" to be displayed on the new item form, which is the only time the option is available. To see how to enable the option and where to select it during new item creation, please see Configuring Email Settings.
Instant Notifications When Statuses are Overridden
The ZenGRC automated workflow can be manually overridden at any point by a ZenGRC administrator or editor. The dropdown for override is located in the top right corner of the assessment and always displays the current status.
If users in the Assignee, Reviewer and Verifier fields are assigned to Editor or Administrator global roles, they can manually override statuses as described here.
This table outlines what occurs with statuses and email notifications when a status is manually changed. The user(s) in the role indicated by the yellow "yes" box are those who receive email notifications as a result of the specified actions.
Email Notifications Workflow When Activities are Manually Overridden
Action
From Status
To Status
Assessor
Verifier
Notes
Manual Override
Completed
Open
y
n
All assessors receive an instant email of an assigned item.
Manual Override
Completed
Submitted
n
y
All verifiers receive an instant email of an assigned item.
Manual Override
Submitted
Open
y
n
All assessors receive an instant email of an assigned item.
Manual Override
Open
Submitted
n
y
All verifiers receive an instant email of an assigned item.
Manual Override
All Statuses
Completed
n
n
No one is notified on final completion
Notifications When Users are Added
Users can be added as assessors and verifiers at anytime without impacting statuses. The only time a notification is sent to a newly added user is when the item is in a Submitted status and a person is added to the Verifier field. That prompts an email to the new verifier.