ZenGRC provides a risk management workflow that automatically triggers the ability to create tasks between certain risk statuses. These tasks contain information pre-filled from customized templates maintained by your organization. The tasks can either be used to gather feedback and promote awareness between risk stakeholders, or they can be closed without creating the task.
IMPORTANT
Risk objects follow a different status set up from other ZenGRC objects. Statuses can be reviewed at Risk Management Statuses.
How it Works
The ability to create tasks between certain risk statuses is activated after a risk is placed in an Assessed status. Task details are automatically populated based on templates with pre-defined content that depends on the risk status being suggested in the workflow.
A new task displays when the risk is transferred between the following statuses:
Assessed → Accepting
Assessed → Transferring
Assessed → Avoiding
Remediate → In remediation
Task Templates
Six fields in the task can be pre-populated from the task templates. They include the following:
Title
Description
Assignees
Reviewers
Verifiers
Related object (this one is locked always)
The Title and Description fields can hold variables listed on top of the page. The three variables include: %object% , %object_title%, %object_description%.
Setting up the Task Templates
The task templates contain text determined by ZenGRC experts. However, it can be altered to suit your organization's needs.
To review or alter templates, complete the following steps:
Click Settings | Risk Settings.
Select the Tasks tab. This is only be enabled if you are in the ZenGRC Beta Program.
The Accept - Task Template is listed first. Continue scrolling down to alter additional templates.
Utilizing the Risk Workflow for Tasks
When a risk is in the Assessed status, the task workflow templates come into play as follows:
Click System of Record | Risks and select the applicable risk.
Click I want to. . . and select one of the statuses.
A new task displays and is populated with information from the corresponding template. For example, the following screenshot pulls information from the Accept - Task Template.