top of page
FAQ
Frequently Asked Questions
-
Q1. I am a Default Assignee in the risk workflow, what does that mean?"If you are a Default Assignee, it means that you occupy a position in the risk management workflow and that you will be required to carry out an action, based on the assigned queue status, in the event a new risk is submitted. You may be a Default Assignee at a company or departmental level. At a departmental level, you will be responsible for an action(s) in the workflow that are submitted and designated as being associated with your department. At a company level, you will be responsible for a stage(s) of the workflow for risks submitted that do not fall within the departmental workflows. This may be due to an absence of a departmental Default Assignee or the risk not being designated as being associated to any department when it was submitted. The stages of the workflow for which you may be a default assignee include: 1. Waiting for Impact Analysis 2. Waiting for Impact Analysis Approval 3. Waiting for Control Identification and Analysis of Residual Risk, and the Defining of Action Plans 4. Waiting for Reviewing Control Effectiveness Should you be required to carry out an action(s) as a Default Assignee you will be notified via email automatically. You may also assign your designated action to another system user if you believe they are better placed to execute it. Additionally, in the case of completing the impact analysis for a risk, a user may fill in part(s) of the information without completing it, save it (by clicking the save button), and then assign it to another user who may be better placed to provide the information. It should be noted, that financial impact, in these circumstances, is a mandatory field to complete and should be completed prior to reassigning. All inherent and residual risk assessment tasks that you are required to carry out as a default assignee will also be displayed in your Calendar and Action Items list on the Workbench page of the system.
-
Q2. Can we have a User Defined formula to calculate Residual Risk on the basis of Control Maturity?Yes, this is possible and can be implemented by the development team when the formula is provided.
-
Q3. Is there any option to delete a Risk post submission? If yes, how a risk can be deleted once it is submitted?"There is a feature to close risks,in case any of the submitted risks which may not be relevant can be closed and archived in the tool. Only a person with Admin role will be able to do this.
-
Q4. At what stage does any risk come to Risk department for review?You can decide the stages when the risk goes to the Risk Department. The risk submission and workflow can be designed at the department level. Default assignee (user(s) who need to take an action for the respective queue status in the risk workflow can be assigned for each department. The system also provides configuration at Company level.
-
Q5. Can the system generate heat maps to highlight the shift in risk levels?Yes the feature is available. Risk Transition reports can be generated.
-
Q6. Can the system record action points arising out of Risk Assessment exercise with agreed timelines?Yes the feature is available. Action plans with tasks can be created in the tool with timelines and ownership.
-
Q1. I am a control owner, how do I evaluate controls in Risk Hawk?"If you are a Control Owner, log into the system and you can evaluate controls in Risk Hawk through the following methods. ·Within the Workbench the controls that are to be evaluated will be listed under action items. Click on the Control title and enter the evaluation details and select the status of the control from the drop down. You can then submit the evaluated control. OR ·Within the Calendar the control to be evaluated will be displayed on the control evaluation due date. Click on the Control title and enter the evaluation details and select the status of the control from the drop down. You can then submit the evaluated control. OR ·If you are a Senior User or an Administrator, utilise the Lists Menu on the top and navigate to the list of Controls. Once within the list click on “My controls” button or use the search tool to find the control. Click on the control title and you will be brought to the specific Control Information Page. Navigate to the Associated Evaluations tab and click on the Add Evaluation button and enter the evaluation details and select the status of the control from the drop down. You can then save/submit the evaluated control. When you receive email notifications for control evaluations. You will be directed to the login page of the system upon clicking on the email link. Login with your credentials and you will be automatically taken to the control evaluation page in Risk HAWC tool. Follow the onscreen instructions to complete the control evaluation.
-
Q2. How can a user check the Control Test Procedure and Control Gaps identified with the evaluation?The questionnaire functionality is available where the control evaluation could be done using a list of questions. Each question/response could be provided with a score and based on the overall score achieved for the questionnaire the control could be marked passed or failed. Gaps can be identified easily as failed questions are visible to users. Additionally, control test procedures if in word format can be attached to a control as a document attachment.
-
Q1. I am a Default Assignee in the incident workflow, what does that mean?"If you are a Default Assignee, it means that you occupy a position in the incident management workflow and that you will be required to carry out a specified action, based on your queue status, in the event a new incident is reported. You may be a Default Assignee at a company or departmental level. At a departmental level, you will be responsible for an action(s) in the workflow for incidents that are submitted as being associated with your department. At a company level, you will be responsible for a stage(s) of the workflow for all incidents submitted that do not fall within the departmental workflows (this can include those incidents of a novel type). Similarly, if there is no departmental Default Assignee the task will fall to the Default Assignee at a company level. The actions within the workflow for which you may be a Default Assignee include: Conducting the Impact Analysis Approving the Impact Analysis Root Cause Analysis, Action Plan Completion Approving the Incident Closure Should you be required to carry out an action(s) as a Default Assignee you will be notified via email automatically. You may also opt to assign your designated action to another system user if you believe they may be better placed to execute the action request, this is the case for all queue stages except Waiting for Incident Closure. Additionally, in the case of conducting the impact analysis you may complete part(s) of the analysis, save it (by clicking the save button), and then reassign it to an individual who is better placed to define the impact values or other information. All tasks that you are required to carry out as a Default Assignee, for incidents, will be displayed in “Incidents Assigned Too Me” section on the landing page.
-
Q1. How does the action plan work?An action plan has a set of tasks that are associated with it for its execution. An action plan can be created manually by an Administrator or Senior t user and tasks can be assigned to users on the system. An action plan can also be created automatically on the submission of an incident if an action plan template has been defined for that incident type at the department or company level. If the action plan template has been defined at both department and company level for a particular incident type then the department level action plan template will be used to create an action plan. In the absence of a department level action plan the company level action plan will be attached to the incident. The task owners will be notified by email of any assignment of tasks and also of any pending and overdue tasks. The email notifications will be sent to task owners 3 days, 2 days and 1 day before due date and then every day when the task is overdue. These will also be visible on their Workbench in the Action List as well as on the Workbench Calendar. Action plan owner is also notified by email if any tasks in the action plan become overdue. They are also notified daily from one week before the action plan is due. If an action plan becomes overdue the action plan owner is notified by email on a daily basis until the plan is closed. Action Plans are created in order to ensure that all control failures that led to the incident have been identified and any subsequent tasks associated to remediating those failures have been given to the appropriate action owners.
-
Q2. How does someone link an action plan to an incident?Automatic Association: If the action plan has been created using a template and linked to an incident type then it will automatically become associated with that incident when the incident of that type is submitted Manual Association: When an incident is in “Waiting for Impact Analysis” or in “Waiting for Approval” or in “Waiting for Root cause analysis” status the default assignee can navigate to the Associated Action Plans tab and add action plans manually for the incident. Please note that the Action Plan should have been created before it could be associated to an incident.
-
Q3. How does someone link an action plan to a risk?Risk treatment involves developing options for mitigating the risk. Monitoring effectiveness and adequacy of existing controls is performed through control evaluations. If the applied controls are not effective then action plans can be associated to check their effectiveness. To link an action plan to a risk in Risk HAWC tool, login to the System: Within the system utilise the Lists Menu on the top and click on Risks in the left-hand side and select the desired risk from the list of Risks. Once within the risk utilise the filters, namely “Waiting for Control Identification / Residual Risk Evaluation” displayed on the right side of the page. Click on the risk title and you will be brought to the specific Risk Information Page. Navigate to the Associated Action Plans tab, and then click on select button to link an already created action plan to the risk. If the user wishes to create a new action plan and associate, can click on the create button in this tab. Follow the onscreen instructions to create the action plan and the tasks. Save and close the action plan pop-up. User will be able to see that the created action plan gets automatically linked with the risk.
-
Q1. What is a KRI?A KRI (key risk indicator) is a measure utilised to indicate the likelihood and impact of a risk eventuating. They are metrics used by organisations to provide an early signal of increasing risk exposures. For example, a useful KRI to monitor risks such as ‘procedural failures’ or ‘workplace injuries’ could be the monitoring of the percentage of staff that attend mandatory training sessions. To establish this as a KRI, a user will have to decide what numerical value (percentage or decimal figure) they will be submitting into the system on a periodic basis (this basis is determined when the KRI is submitted and can be set to daily, weekly, bi-weekly, ongoing, transactional, monthly, quarterly ,semi-annually, annually). Additionally, to create a KRI, the system will request the establishment of amber limit (initial warning level) and red limit (unacceptable level).
-
Q1. Why can’t I find the document I’m looking for?There are several reasons you may be unable to find a document. The most common reasons for this issue and what you may do is detailed below: Incorrect search term – double check your search parameters. Use the filters and search tools available to find your chosen document. You do not have the correct access rights –Visibility is strictly controlled of those who may see, download, and amend a document. The author or the approver may have specified that only specific persons, specific departments, or project teams etc. may be able to access it. Contact your Administrator if you believe this might be the case.
-
Q2. Who reviews the documents I upload?During the system roll-out your senior management team will have defined the persons responsible for the approval process within the document management workflow. Please contact your local Conduct Senior, Head of Department or Administrator for further details. Please note, if no approval process has been defined for a category of documents then no one will review/approve the documents. Therefore, they will be published automatically on the DocHub following upload.
-
Q3. How do I notify my colleague(s) that I’ve uploaded a document and they should read it?When you upload a document, you may specify on the Distribution page that you would like to send an email notification upon publishing the document. Please note, that if you are uploading a document to a category of the Doc Hub, that has an established approval workflow; it will not result in email notifications for readers until all those persons responsible for approving documents within that category agree that your document is ready for publication.
bottom of page