Workflow for Assessments

Owned by Tristan Mohn (Deactivated)
Last updated: Feb 09, 2023 by Victoria Buhler (Deactivated)
4 min read

Page Contents


Overview

In addition to tasks and requests, assessments provide a workflow that is enhanced with notifications of assignments due. This documentation focuses on status definitions, workflow, and the user fields that prompt email upon status change.

User Assignment Fields

There are three fields utilized in the workflow of assessments, two of which receive email notifications. To be available for selection, users must be in an Editor, Contributor, or Administrator role.

TIP

Those in Editor and Administrator roles already have delete privileges. Adding them to the workflow fields will not remove those permissions. Rather, for those in the Contributor role, being assigned to one of these fields expands their permissions to include read and write access.


The screenshot above highlights the assignment fields in red, and are defined as follows:

Creator

  • This auto-populates with the person creating the item.
  • This is a required field.
  • If assessments are imported, the person conducting the import is assigned to this field.
  • If assessments are generated during audit creation, the person creating the audit is assigned to this field.
  • The creator is never notified when there is a status change and does not participate in the workflow. 

Assessor

  • Person responsible for concluding whether the control is effective.
  • This is a required field.
  • Has read and write access but no delete privileges.

Verifier

  • User who reviews and accepts or rejects the assessor's judgment.
  • If there are multiple verifiers, only one need approve the item.
  • This is an optional field.
  • Has read and write access but no delete privileges.

Statuses

Assessments can have two or three statuses depending on your business need.



Open

  • Initial status when an assessment is created and assigned.
  • It is also the status if the verifier declines the decision of the assessor.

Submitted

  • Status after the assessor completes the assessment and the item has a verifier.
  • If there is no verifier, this status is skipped.

Completed

  • Status after a verifier accepts the decision of the assessor.
  • Status when the assessor completes assessment and there are no verifiers. 

Statuses, Users, and Notifications

The following chart displays the workflow of items through the different statuses, as well as who receives an email at each point.



NOTE

To understand how to do your part when assigned an assessment, please see Quick Tips for Assessments.

Instant Notifications in the Automated Workflow

ZenGRC has an automated workflow that moves an item's status from state to state as normal activities occur. This table displays what takes place with statuses and email notifications as users complete their assigned assessments. The user(s) in the role indicated by the yellow "yes" box are those who receive email notifications as a result of the specified actions.

Instant Email Notifications During Normal Workflow Activities

Action

From Status

To Status

Assessor

Verifier

Notes

Create

n/a

Open

y

n

Instant notifications only occur when items are created manually and the "Notify Assignee" is selected. When assessments are automatically generated during audit creation or when they are imported, notifications don't go out until the "Start Date."

Complete Assessment

Open

Submitted

n

y

If there are other assignees on the item, they are not notified that the item is submitted. The item will be removed from all assignees' To-Do Lists and will not display in the daily summary email.

Decline Assessment

Submitted

Open

y

n

If one reviewer rejects the item, it is immediately reset to Open and all assignees receive an instant email of an assigned item.

Verify Assessment

Submitted

Completed

n

n

No one is notified on final completion.

NOTE

Instant notifications need to be enabled for the "Notify Assignee" to be displayed on the new item form, which is the only time the option is available. To see how to enable the option and where to select it during new item creation, please see Configuring Email Settings.

Instant Notifications When Statuses are Overridden

The ZenGRC automated workflow can be manually overridden at any point by a ZenGRC administrator or editor. The dropdown for override is located in the top right corner of the assessment and always displays the current status.

If users in the Assignee, Reviewer and Verifier fields are assigned to Editor or Administrator global roles, they can manually override statuses as described here.

This table outlines what occurs with statuses and email notifications when a status is manually changed. The user(s) in the role indicated by the yellow "yes" box are those who receive email notifications as a result of the specified actions.

Email Notifications Workflow When Activities are Manually Overridden

ActionFrom StatusTo StatusAssessorVerifierNotes

Manual Override

CompletedOpenynAll assessors receive an instant email of an assigned item.
Manual OverrideCompletedSubmittednyAll verifiers receive an instant email of an assigned item.
Manual OverrideSubmittedOpenynAll assessors receive an instant email of an assigned item. 
Manual OverrideOpenSubmittednyAll verifiers receive an instant email of an assigned item. 
Manual OverrideAll StatusesCompletednnNo one is notified on final completion

Notifications When Users are Added

Users can be added as assessors and verifiers at anytime without impacting statuses. The only time a notification is sent to a newly added user is when the item is in a Submitted status and a person is added to the Verifier field. That prompts an email to the new verifier.

Other Helpful Content

•  Access and User Assistance 
•  System of Record List Views  
•  Actions on the Details Page 
•  Creating New Objects 
•  Favorites 
•  Quick Tips for End Users (Printable) 
•  Searching the Left-Hand Navigation

© 2021 Copyright Reciprocity, Inc.
https://reciprocity.com