0
21.0.2
Zurich, Yokohama Patch 6, Yokohama Patch 2, Yokohama, Xanadu Patch 9, Xanadu Patch 4, Xanadu, Washington DC Patch 7, Washington DC Patch 5, Washington DC Patch 3, Washington DC, Vancouver Patch 9, Vancouver
The Risk workspace allows the IT Risk Manager and the Operational Risk Manager to view the overall risk posture for your organization, track time-sensitive issues and major losses, and control deficiencies that may increase risks for your organization.
The workspace allows risk managers to:
- Define and manage their organizational risk and control taxonomy.
- Perform risk assessments.
- Assess controls based on design and operational effectiveness.
- Monitor the operational losses and performance of the Key Risk Indicators (KRIs) and the Key Control Indicators (KCIs).
The central issue management capability allows to define a plan of action for remediation and ensure the control gaps are corrected early.
The new user experience highlights the following:
- A default Home page for each user persona displaying actionable insights and quick links.
- A well-organized navigation menu listing modules based on the requirements of each user persona.
- Reimagined conversational risk assessments experience for business users.
- A unified task page to manage and complete GRC tasks efficiently.
- A new visualization that provides a 360° view of GRC relationships.
- Reimagined page layout with contextual information in the side panel for users to complete their tasks more efficiently.
- Record pages that provide a holistic view and actionable insights specific to what is being viewed.
- Persona-based home pages for IT-Risk, Op-Risk, and Business Risk Managers to manage their work efficiently.
- Manage all tasks assigned to a user and their groups from the consolidated task landing page.
- Contextual information about a record to indicate when you need a new 360° relationship viewer and side panels in the records.
- Manage and remediate issues from the comprehensive issue landing page.
- Playbook for seamlessly collecting risk information from first line through guided risk identification workflow.
- Guided experiences for scheduling and managing risk assessments in risk assessment scope and scheduler using the playbook.
- A conversational redesigned guided experience for risk and control assessments with enhanced configurability.
- Redesigned risk heatmap for monitoring and reporting of risk posture.
- Automate risk reporting to senior management and improve risk analysis by visualizing risk trends and movements on the heatmap workbench.
- Review and respond to the metric data efficiently using the Grid UI to provide bulk response and approval for metrics.
- WCAG 2.1 AA compliance making it accessible to all users.
- Enabled Autosave functionality on risk assessment for better user experience.
- New Formula builder in Metric definitions.
- Bulk approval and reassign of risk assessments.
Entity Wise Risk Profile Matrix:
- Matrix Report is a configurable grid-based view in the risk workspace that displays entity-linked data like risks, controls, KRIs, and events. Accessible from the landing and entity pages, it centralizes key details for quick analysis. Users can tailor columns to view relationships clearly and efficiently.
- Risk data is often scattered, making it hard to get a full view of an entity’s risk profile. The Matrix Report brings all related information into one place. This reduces time spent switching views and helps risk managers assess data easily.
- Boosts efficiency by unifying risk insights, helping identify gaps faster. The report improves visibility and supports quicker, informed decisions. This leads to more proactive and streamlined risk management.
[New]
- Entity Wise Risk Profile Matrix:
- Access and analyze the risk posture of your organization using entity-related data, such as risks, controls, KRIs, and events in a centralized, configurable grid-based view. This feature reduces time spent switching views and helps risk managers assess data more easily, leading to more proactive and streamlined risk management.
- Project Risk Assessment Grid:
- Gain efficient control over risk assessments with the new grid-based Risk and Control Self Assessment (RCSA). Quickly compare, edit, and prioritize risks and controls using the flexible, spreadsheet-style interface. Use side-by-side views and bulk editing to complete assessments faster.
[Changed]
- Addressed a defect where assessors were able to delete Risk Response tasks in the Risk Assessment component, even without having the GRC Manager role. The intended behavior is that only the GRC Manager should have deletion rights. However, to accommodate practical usage, the logic has been updated as follows:
- Only GRC Managers or assessors who created the Risk Response task within their own assessment are allowed to delete that task.
- Assessors who did not create the task (e.g., tasks copied from previous assessments) will not be able to delete it.
- Task-related widgets have been removed from the Home pages to enhance load times. Users can now access all their assigned tasks and group tasks directly on the Task page for better visibility.
- Updated the navigation flow for Classic Risk Assessments in Workspace. Previously, clicking on a Classic Risk Assessment would take users directly to the assessment. With this change, users are first taken to the assessment record, where they can then click an action to open the assessment.
[Fixed]
- Resolved an issue where English-language records in the UI message (sys_ui_message) table related to the Risk Assessment component could not be edited. Users were able to modify records in other languages, but not in English, which caused challenges in customizing UI messages for the Risk Assessment module.
- Corrected translation inconsistencies.
- Risk Event tasks are now integrated on the Tasks page within the Risk workspace.
- Issue widgets on the Business Operation Risk Manager home page now correctly filter based on entity selection.
- Impacted entities on Risk Events can now be deleted properly within the Workspace.
- Resolved an issue where comments containing the “=” character were being truncated in the Risk Identification Rejection workflow.
- Fixed a problem where Group Approvers were not visible on the Risk Mitigation task.
- Addressed an issue preventing Entity Owners selected as Assessors in Risk Assessment projects from progressing from the Risk Identification state to the Assessment state.
The following applications get installed automatically when the Risk Management Workspace application is activated:
- GRC: Risk Management (com.sn_risk)
- GRC: Common Workspace Elements (com.sn_grc_workspace)
Permissions and roles:
Role required to install the app: System Admin (admin)