The Risk Assessment feature allows Admin Users to set up, launch, and manage workflows that guide Users through Risk Assessment activities. A Risk Assessment may include a single Risk, a selected group of Risks, or all of the Risks in the system. Multiple Risk Assessments may be active at once, however, a single Risk can only be part of one active Risk Assessment at a time.

Once a Risk Assessment is activated, each User who has been assigned at least one Risk in the assessment will receive an email. The email will contain a hyperlink into a guiding workflow that will lead the User through the process of assessing each of their risks. A risk assessment results in a single user providing their input (in the form of data updates or confirmations) on the individual risks assigned to them. This is different from Risk Voting activities, in which multiple Users or Contributors can provide their opinion about the scoring or other attributes of a Risk, without directly affecting the underlying data of a Risk.

Note that the Risk Assessment feature is an optional feature that must be first activated by an Admin User on the General Settings tab in the system administration screens. If you are an Admin User and you do not see this option (or are unable to activate this feature), it is likely that your organization’s subscription does not include this feature. Please contact Tracker Networks Support or your Tracker Networks representative.

Once the Risk Assessment feature has been activated, a green “Create Risk Assessment” button will appear in the upper right corner of the Enterprise Risk Console. Note that this button is only visible to Admin Users.

Once clicked, a configuration panel will slide out from the right side of the screen and check boxes will appear on the risks in the Rank column. The Admin User can optionally give the assessment a name and then must select at least one risk to include in the assessment activity. Admin Users may find it helpful to use the filters in the console to narrow down the risks displayed in the console window before making their selection. When the Admin User has selected all the desired Risks, they click “Create Assessment” in the slide out panel to move to open the Assessment Details screen, where they can finish configuring and launching the assessment.

The Assessment Details screen will show each of the Risks included in the assessment, who last assessed the Risks (if available), and the Risk Owner. The Admin User can then use the drop downs under “Assessor for this Assessment” to select the individual they wish to assess each risk in the current activity. Note that if the risk has been assessed before, this field will be pre-populated with the previous assessor. The Admin User can manually change this to a different user if they wish to do so. Please also note that only Standard Users and Admin Users can be selected from these drop downs. Read Only Users and Contributors cannot be assigned Risks in Risk Assessment activities.

Risks can be removed from the assessment by clicking the red X to the right of each listed Risk. Clicking the X removes the Risk from the assessment but does not otherwise affect the Risk. Additional Risks can be added by clicking the blue “Add risk to Assessment” link. Note that these features are still available after an assessment has been activated. Admin Users can continue to add and remove Risks (as well as changing assessors) until the assessment activity has ended.

The Admin User can click the Instructions banner to expose a field where custom instructions can be added for assessors on this specific assessment activity.

If the Assessment End Date field is left blank, the assessment will be open for 2 weeks by default. Admin Users can use this field to select a custom date and time for the assessment activity to end.

Once the Admin User is ready to start the assessment, they click on the green “Start and Send” button. The assessment will be activated, and individual emails will be sent to each of the Users listed as assessors in the assessment activity. In the example shown on the previous page, a single email would be sent to each of the users “Daniel Mohammed” and “Jason Doel” as they were the two assessors who have Risks assigned in the assessment.

Once an assessment has been activated, the Assessment Details page will update, as follows:

The details screen now shows the end date and time for the assessment. As well, the green “Start and Send” button has been replaced by a blue “End Now” button and two new columns have been added to the table in the lower portion of the screen. The “Status” column shows whether the assessment has been received for each Risk or not. The “Remind” column allows the Admin User to manually resend the invitation email to the Assessor for that Risk. Note that only one reminder needs to be sent to each User, as the reminder email will lead them to complete their assessment for any and all of their outstanding risks.

The Admin User can add new Risks to the assessment and can change the assessor for each Risk, at any point as long as the assessment is still active. Once the assessment has expired or been ended early (by clicking the End Now button), changes can no longer be made. The only value that can be changed once an assessment has ended is the name of the assessment.

If a Risk is added or an updater is changed during an active assessment, the Admin User will have to manually click “send now” in the Remind column to send each new assessor the invitation email.

The Admin User can return to this screen at any time by selecting “Assessments” in the drop down on “Risks” in the top menu bar (this option is only visible and available to Admin Users. Once selected, this will bring the Admin User to the Assessments Console, pictured below. The Admin User can click on the blue Assessment name to return to the Assessment Details page.

The Assessment Details page will be updated as the Users complete their assessment activities. In the example below, one user has completed their assessments and one has not. The Admin User may wish to use the “send now” link to send a reminder to the remaining User when the assessment activity is nearing its expiry date.

Once a risk assessment has been activated by the Admin User, as described in the previous section, each User assigned at least one risk in the assessment will receive an email notification, similar to the one pictured here.

Note that each User will receive only one email, even if they have more than one Risk assigned to them in the assessment activity.

The User can click on the Update Now button or paste the link provided into their browser window. The User will be guided through the authentication (login) process and then will be taken directly to the “My Risk Assessments” screen shown below.

Note that the User will not have to navigate through any screens or filters to access this screen. They will be brought here immediately upon successful login. The User will then be presented with a summary of the Risks that require their attention. The User can then click on the orange “Incomplete” button beside each Risk, (or on the blue risk name) to access the Risk Details screen where they will complete their assessment of the Risk.

Once Users arrive at the Risk Details screen, the top portion of the screen will contain a green “Mark Assessed” button.

Note that this button only appears to the User who has been assigned to assess this Risk. No other User (including Admin Users) will see this button if they happen to open the risk during the Assessment activity. This button will also only appear while the assessment is active. Once the assessment has ended (either by expiring or by the Admin User ending it early), the button will no longer be visible to the assessor of the risk.

Once the User arrives at the Risk Details screen, they would review and complete the screen as they normally would for a risk, as described earlier in this User Guide. When they have finished updating and/or reviewing this screen, they can finish their assessment by clicking the green “Mark Assessed” button. Doing so will open the following attestation pop up.

The User must then click the check box to confirm the attestation before they can select “Complete Assessment”. Once they do so, they will be returned to the My Assessments screen. This screen will be updated to show that they have just assessed one of the risks, as shown below.

The User repeats the process, working through each of the Risks assigned to them, until all of the Risks have been assessed and the My Risks Assessments screen has been updated as follows.

The User can return to the My Risk Assessments screen at any time by clicking on the link or button in the invitation email, or by navigating to the screen by clicking “My Assessments” in the drop down menu under “Risks” in the top navigation bar.

The User can change and reassess the Risk at any time, as long as the assessment is still open, by returning to this screen and clicking on the blue Risk name to access the Risk Details screen (or by navigating to the Risk directly through other routes).

If the User is not assigned any Risks in an active assessment, the My Risk Assessments screen will be blank and the User will receive a message telling them that they do not have any assessments assigned to them at that time.

Note that once a risk has been assessed, the date, time and name of the assessor will be displayed in the upper right corner of the Risk Details screen (pictured below). This information will be visible to all system Users during and after the assessment activity.