Advanced Risk Search

You can use the Advanced Filter link to expand the search area so you can search on a number of extra criteria including:

• Contact – Select a Risk Contact from the drop-down list. Select All Contacts to clear the filter for this field.
• Div. Group – Select a Division Group from the drop-down list. Select All Division Group to clear the filter for this field.
• Risk Group – Select one of the following from the drop-down list:
• All Risk Group – Clear the filter for this field.
• External – Search for all External Risks.
• Internal – Search for all Internal Risks.
• Internal/External – Search for all Internal and External Risks.

Note: The Risk Group is set when creating the Risk Event by selecting a value for the Event Context field.

• Asset Type – Select an Asset Type from the drop-down list. Select All Asset Type to clear the filter for this field.
• Risk containing text – Search for a specific word in the Risk descriptions.
• Action containing text – Search for a specific word in the Action descriptions.
• Item ID – Enter the Risk ID for which you want to search in the text box.
• Other Ref No. – Enter the value for Other Ref No for which you want to search in the text box.
• Dates – Select either Date Identified, Date Recorded or Date Last Reviewed from the drop- down list. Enter the range of dates for which you want to search. Select All to clear the filter for this field.
• Source – If required, select Template to search for all Risks created from a Risk Template. Otherwise, leave this field blank.
• Severity – Select the field on which you want to search from the drop-down list. Or select All to search all the listed fields. When a specific field is selected (for example, Target Residual), you can then select one of the following:
• Equal to – Search for a specific value for the selected field.
• Greater than – Search for all values greater than the entered value for the field.
• Greater than or equal to – Search for all values greater than or equal to the entered value for the field.
• Less than – Search for all values less than the entered value for the field.
• Less than or equal to – Search for all values less than or equal to the entered value for the field.

Next, select the value for which you want to search from the drop-down list. The value in the drop-down list changes according to the field selected. 

Select whether you want to search for Opportunities and Risks, Opportunities or Risks. Opportunities are Risks which have the Set for Opportunity box selected. (See “Set For Opportunity”).

Click Advanced Filter to expand the search filter.

You can select from seven standard search results layouts (Dates, Entry, Location, Other, Ownership, Review and Value). You can edit those layouts as described in ““Search Results”.

The SART Indicator Columns

The SART columns indicate the status of each Risk without having to View each individual Risk.

• The short-form columns are used as follows:
• S – The Risk status:

These can be edited by the System Administrator by selecting the System tab then by selecting System Data and then by selecting Risk Status. Status codes that are essential to the system cannot be deleted.

Other status codes can be added by your System Administrator and can be deleted (unless they have been used in the system). Risks with non-system status codes are counted in the Dashboard under Other/Active but the system will not automatically process them in any way.

• A – The assessed rating. The Assessed Risk Rating is derived from the Consequence and the Likelihood – see “Risk Rating”.
• R – The residual rating as at this point in time. The Residual Risk shows the Risk once the completed Actions are taken in to account – see “Residual Risk”.
• T – The Target Residual if all Actions have been completed. Your system might be set up to use the term Planned Residual, in which case this column header is P. See “Target Residual” for more information.
• Act – The number of Completed Actions/number of Active Actions. For example, 1/3 indicates there is one Completed Action and three Active Actions.
• Ae – How the Action Effectiveness is calculated. For each Risk, displays either % or L.
• Ro – If the Residual Risk has been over-ridden, Y is displayed. If the Residual Risk has not been over-ridden, this is blank. See “Override Residual”.
• Item ID – The unique ID (which was either entered by a user or generated by the system). See “Item ID”.

View

Click the View link beside a Risk in the Search Results to open the selected Risk for viewing. To edit the selected Risk, select the required tab and then click the Edit button. After making the required changes, click Save to save the changes or Cancel to discard your changes.

Note: If, when you try to edit a Risk, you see user is editing this record, the record is currently being edited by another user. You will be allowed to edit the record once the other user has saved their changes, cancelled their edit, or once the record locking period has expired.

Delete

Click the Delete link beside a Risk in the Search Results to delete the selected Risk. A dialog is displayed asking you to confirm you want to delete the Risk and any Action or History associated with it. Click OK to delete the Risk and associated Actions and History, or Cancel to cancel the deletion.

Recently Viewed

Click Recently Viewed to view a list of the last 10 Risks you have viewed. The first Risk on the page is the last Risk you viewed.

Report Wizard

See “Report Wizard” for a detailed description on the Report Wizard.

Export Wizard

See “Export Wizard” for a detailed description on the Report Wizard.

Note: The Export Wizard tab is only visible in Internet Explorer Web Browsers.

New Risk

The following shows an example of the screen layout.

If the information on this form does not meet your requirements, discuss Custom Forms with your System Administrator. Custom Forms is an optional module that allows you to create and use different forms for different types of Risk. That means strategic Risks can be entered in brief while operational Risks may require more detail. Also, for example, Risks to employees may require more detail than Risks to the environment.

Context Tab

Division

Optional: Select the Division that will own the Risk from the drop-down list. Do not select the Division where the recorder, contact or owner works, but the Division that has agreed to own and, if necessary, manage Actions.

Division is mandatory if RBS is switched on by Division. Please refer to the OpRiskControl System Administrators’ Guide for more information about RBS.

Function

Optional: Select the Function that will own the Risk from the drop-down list.

Function is not visible unless Show Additional Enterprise Structure is selected.

Note For Administrators: On the System tab select System Settings, then select the Workflow tab. The Show Additional Enterprise Structure option is in the section with the title Workflow forms.

Project

Optional: Select the Project that will own the Risk from the drop-down list.

Project is not visible unless Show Additional Enterprise Structure is selected.

Note For Administrators: On the System tab select System Settings. Then select the Workflow tab. The Show Additional Enterprise Structure option is in the section with the title Workflow forms.

Location

Required: Select the Location from the drop-down list.

If a Risk is specific to an asset at a specific location, use a street address. If more general, use a city, council, region, state, country or global description. For employees at Risk during business travel, you might want to separate low Risk regions from high Risk regions, for example North America and South America.

Risk Type And Event Type

Required: Select the Risk Type from the list. The Risk Type is a potential Risk, not an identified specific Risk.

When the Risk Type is selected, the page will be re-displayed showing the Event Type to which the event belongs.

If you are not sure of the Event Type, select the Risk Type first so you get a filtered list of Event Types by Risk Type.

Asset Type And Asset

Required: Select the Asset from the list.

People use different terms for the item or area subjected to the Risk, such as asset at Risk, object at Risk, or element at Risk. An area at Risk can be a real asset such as a machine, critical infrastructure, a production line, a plantation or can be more intangible such as intellectual property, a process, a project, a revenue stream, reputation, image or goodwill. This is the thing that will be affected if the Risk eventuates.

When the Asset is selected, the page is re-displayed showing the Asset Type to which the Asset belongs.

If you are not sure of the Asset, select the Asset Type first so you get a filtered list of Assets by Asset Type.

Classification

Optional: This field allows the customer to define another dimension of classifying Risks. Risk Classifications are set up in Reference Data and used here.

Structure Filter

Your database will contain separate data tables containing your organisation’s divisions and departments. Normally they are not linked in any hierarchical structure. However, your System Administrator might have linked them to make data entry easier.

When using the structure filter during new Risk data entry, when you select a division, the picklist for department is filtered to only show those departments that belong to that division.

If you have not already selected a Division, you can also commence data entry by selecting the department and the division picklist is filtered to show the division to which the department belongs.

You can switch off this filter using Clear Context on the data entry form if a valid relationship has not been set up. If there is no relationship configured, the second drop-down is not filtered.

Risk Status

When a new Risk is created, its status is set automatically according to the setting for Default Status for New Risk which is set by the System Administrator. A new Risk will normally default to either Open or Input. When a new Risk is automatically set to Input it enables a Risk manager to validate the Risk before setting it to Open (which means it is active).

To close a Risk, change its status to Closed and enter the date closed.

When a Risk is created erroneously, change its status to Cancelled. The date closed is not changed in this case.

Should the Risk need to be suspended for any reason (for example, the condition cannot logically exist at a point in time but may do later), change the status to Suspended so that it is not actively monitored. The date closed is not entered in this case.

Item ID

Automatic: Your System Administrator might have configured the system to have the ID automatically populated (i.e. select the System tab then select the General tab and select the option Autogenerate Codes). If the Risk ID is automatically generated, the system uses the database unique ID for the Risk record but does not guarantee sequential allocation of unique ID.

Optional: If your System Administrator has not configured the system to have the ID automatically populated, you can enter a Risk ID in this data field. It is recommended that you enter a unique Risk ID. If you enter an Item ID manually, the system does not validate that the ID is unique.

Other Ref No

This field can be used, for example, to record a Risk’s old reference number when it is imported from a different system.

Title

Required: Enter the Risk Title, keeping it short but unique.

This is a short description (up to 100 characters) of the specific Risk, and is used in reports.

Description

Required: Enter the Risk description. The description might include words describing vulnerability, consequences or impact.

This is a general description of the Risk describing how the asset is vulnerable and/or what the consequences would be if left untreated. There are many more data fields to describe the Risk in specific ways.

If the space is not enough to describe the Risk, or a separate Risk assessment has been documented, then link to that document using the Documents tab.

Categories

Optional: click on the ellipsis button to open the Category Selector. The list of configured Categories is opened.

Select the Categories you want to add to the Risk and then close the Category Selector window.

Cause

Optional: This field is used to document the cause of the Risk and usually describes the hazard and the conditions that can cause the Risk event.

Existing Controls

Optional: This field is used to document the existing controls. There are many ways to document existing controls depending on the level of detail you want to use to document and rate the existing controls:

• No assessment of the effectiveness of the existing controls 

You may do the assessment with current controls in place and list the current controls in the text box named Existing Controls. This means you will not be going back to assess the Inherent Risk, but assessing the Risk as it is now with existing controls in place. This is the quickest way to get control of current Risks but not the most complete way to document Risks. If there is not enough space in the Existing Controls text box, you may document the current controls in an attached document.

• Record current controls separately but with no assessment of effectiveness

You may do the assessment with current controls in place and document the current controls individually as Actions (on the Action page) under a heading named Current Controls and don’t use a percentage or level reduction for any current controls. This means you will not be going back to assess the Inherent Risk, but assessing the Risk as it is now with existing controls in place. This is a quick way to get control of current Risks but not a way to record the effectiveness of each current control.

• Record separately and assess effectiveness

If you want to show the effect of current controls, you must do a Risk assessment and document the current controls as Actions (on the Action page) under a heading named such as Current Controls. You must provide a percentage or level reduction for each current control. You can have any number of current controls and/or Actions per Risk. The system supports a one-to-many relationship between Risks and controls. The control effectiveness rating information is entered in the Action portion of the system (as either percentage or level reductions for likelihood, consequence or Risk transfer), and reflected in the Residual Risk on the main Risk form. (See “Existing Control”).

Early Warning Trigger

Optional: Enter a description of any possible early warning signals.

Action Strategy

Optional: This field is used to document the overall Action strategy. It can describe (at a high level) the Actions that are documented on the Action pages. This field is printed on the Risk Management Report – you should therefore be careful not to rename it and use it for something else.

Likelihood

Required: Select the Likelihood. The descriptions can be edited by your System Administrator. Click … next to Likelihood to see the definitions for Likelihood.

Consequence

Required: Select the Consequence. The descriptions are editable by your System Administrator. Click … next to Consequence to see the definitions for Consequence.

Risk Rating

Automatic: The Risk Rating is the level of Risk and is derived from Likelihood and Consequence. The Risk Rating may be the Inherent Risk Rating (or known as Assessed Rating) and is often shown as Rating for short as a column header on search results and reports.

Click … next to Risk Rating to see the definitions for Risk Rating.

Residual Likelihood

Automatic if Automated Residual Risk Formula is set to Standard.

Note For Administrators: Select the System tab, then select System Settings and select the Formula tab.

If Automated Residual Risk Formula is set to None in System Settings, or if Override Residual is set on any Risk, then select the Residual Likelihood from the drop-down list.

Residual Consequence

Automatic if Automated Residual Risk Formula is set to Standard.

Note For Administrators: Select the System tab, then select System Settings and select the Formula tab.

If Automated Residual Risk Formula is set to None in System Settings, or if Override Residual is set on any Risk, then select the Residual Consequence from the drop-down list.

Residual Risk

Automatic: The Residual Risk is the residual level of Risk after completed Actions, and is derived from the Residual Likelihood and Residual Consequence. It is often shown as Residual for short as a column header on search results and reports.

Click … next to Residual Risk to see the Risk Matrix, and the location of the current Risk in the matrix.

Override Residual

Optional: Select this option to allow users to Edit the Residual Likelihood and Residual Consequence. If this is under RBS control, only users with the correct permissions can override the rating. This option allows a user to document the results of a residual Risk assessment without having to back-calculate the effectiveness of the controls or Actions.

Please refer to the OpRiskControl System Administrators’ Guide for more information about RBS.

When selected, the Residual Likelihood and/or the Residual Consequence fields can be changed.

Click on the Residual Likelihood and/or the Residual Consequence fields and change the settings as required. The Residual Change Rationale field is now active and can be edited. If required, enter the rationale for editing the Residual Likelihood and/or the Residual Consequence fields.

Click Save to save the changes to the Residual Likelihood and/or the Residual Consequence fields and to the Residual Change Rationale field. The previous entry for the Residual Change Rationale field is written to the Residual Change History field, so that all entries are recorded and can be reviewed. (The Residual Change History field is read-only.)

When no Rationale is entered, the entry No Residual Change rationale was entered is added to the Residual Change History field when a change is next made.

Target Likelihood

Automatic if Automated Residual Risk Formula is set to Standard in System Settings.

If Automated Residual Risk Formula is set to None in System Settings, or if Override Residual is set on any Risk, then the Target Likelihood displays the over-ridden Residual Likelihood.

Target Consequence

Automatic if Automated Residual Risk Formula is set to Standard.

Note For Administrators: Select the System tab, then select System Settings and select the Formula tab.

Target Residual

Automatic: The Target Residual is the same as the Residual Risk Rating except that it assumes all planned Actions have been completed. The Target residual is shown as Target (for short) as a column header on search results and reports.

Exposure Period

Optional: Select the exposure frequency of the likelihood of the event occurring. This field is not used in any automated analysis and is provided for documentation only.

Note: Exposure Period is displayed when Allow Other Rating Information is selected on theWorkflow tab and when Hide Other Rating Information is cleared on My Form Settings.

Occurrences Per Period

Optional: If applicable, enter the number of times exposure might occur in the exposure frequency (if applicable). This field is not used in any automated analysis and is provided for documentation only.

Note: Occurrences Per Period is displayed when Allow Other Rating Information is selected on the Workflow tab and when Hide Other Rating Information is cleared on My Form Settings.

Potential Risk

If you want to nominate a potential Risk that can be higher than your Inherent Risk or Residual Risk (e.g. a worst case scenario), then select it here, else leave it blank.

This field is not used in any automated analysis and is provided for documentation only.

Note: Potential Risk is displayed when Allow Other Rating Information is selected on the Workflow tab and when Hide Other Rating Information is cleared on My Form Settings.

Recorded By

Automatic: The name of the user who recorded the Risk is entered automatically.

Contact

Required: Select the Risk contact (the user who will generally manage the Risk) from the list.

Owner

Required: Select the Risk owner (the user who has overall responsibility for the Risk) from the list.

Approved By

Optional: This field has been provided for workflow management, and is under RBS control so that only those with approval permissions can approve a Risk as being a valid Risk. Please refer to the OpRiskControl System Administrators’ Guide for more information about RBS.

Date Approved

Optional: This field has been provided for workflow management, and is under RBS control so that only those with approval permissions can enter the date. Please refer to the OpRiskControl System Administrators’ Guide for more information about RBS.

Assessed By

Optional: The lookup field Assessed By is linked to the table Other Party. An Other Party is a party that is sharing the Risk (e.g. sub-contractor) or has completed the Risk assessment.

Date Identified

Required: Enter the date the Risk was identified. It defaults to the current date, but can be altered and backdated.

The USA date format, is 01/15/2003 (with slashes) to represent 15-Jan-2003. If you are not using the USA date format, enter 15/01/2003.

Date Recorded

Automatic: The system will enter the date the Risk was recorded and it cannot be altered.

Review Frequency

Required: The Review Frequency defaults to the setting for Default Review Frequency in your Context Profile preferences but it can be changed. Select the frequency of review, as required. This value is used elsewhere in Risk review analysis and therefore it must be entered.

Date Reviewed

Automatic: The date the record was last reviewed (for example, when either the Likelihood or Consequence estimates were changed). On a new record, the date will default to the current date.

Optional: When reviewed, and if there is no change to either the Likelihood or Consequence, the date the record was last reviewed can be changed by the user.

Date Next Review

Automatic: The system will add the number of days of the Review Frequency to the Date Reviewed to determine the date of the next review.

The Date Next Review drives the automatic alerts via the Notification Manager and the posting of alerts to the Alerts page for Risk Reviews.

If the review date is due, the message Due will appear in red under the Date Next Review.

If the review date has passed, the message Overdue will appear in red under the Date Next Review.

Date Exception Expires

A Risk can be configured with its Status set to Suspended, and with a date that determines when the Risk becomes active. When that date is reached, the Risk’s status will be changed from Suspended to Open.

Compliance Alert To

A Compliance Alert can be displayed on a User’s Alerts tab. Select a user from the drop-down list.

Alert Date

Select a date from the calendar.

On the selected date, an Alert is displayed on the selected User’s Alerts tab (on the Compliance Due page).

Financial Impact

Optional: Enter the monetary value of the potential loss (or gain), if required by organisational standards. This value is used elsewhere in the Action cost-benefit analysis and therefore should be estimated. The currency symbol (e.g. £) is not required.

Action Costs

Automatic: This is the sum of all Action and Existing Control Actual Cost values where:

• The Action/Existing Control is Active.
• The Action/Existing Control has In Cost-Benefit selected.
• The Action has a Completed Date.

Action Benefits

Automatic: This is the sum of all Action and Existing Control Action Benefit values where:

• The Action/Existing Control is Active.
• The Action/Existing Control has In Cost-Benefit selected.
• The Action has a Completed Date.

Retained Risk

Automatic: The Retained Risk is a currency value and derived as follows. Retained Risk = Financial Impact + Action Costs - Action Benefits

Likelihood Action Reductions

Automatic: This shows the total effectiveness of all active controls and Actions in reducing the likelihood of the Risk.

It is shown either as a percentage (%) or level (L) reduction, depending on the Action Reductions setting (on the Controls and Actions tab).

Consequence Action Reductions

Automatic: This shows the total effectiveness of all active controls and Actions in reducing the consequence of the Risk except by way of Risk transfer.

It can be shown as a percentage (%) or level (L) reduction, depending on the Action Reductions setting (on the Controls and Actions tab).

Transfer Action Reductions

Automatic: This shows the total effectiveness of all active controls and Actions in transferring the Risk.

It can be shown as a percentage (%) or level (L) reduction, depending on the Action Reductions setting (on the Controls and Actions tab).

Overall Control Effectiveness

The Control Design and Control Implementation fields are visible when Activate Control Effectiveness Matrix is set in System Settings.

Note For Administrators: Select the System tab, then select System Settings and select Options. The Activate Control Effectiveness Matrix option is listed under the Options heading. Otherwise Control Effectiveness will be a drop-down by itself.

Optional: Select a value for the Control Design from the drop-down list.

Optional: Select a value for the Control Implementation from the drop-down list. These values are then used to calculate the Control Effectiveness.

The Financial tab is described in “Financial Impact”.

Control Effectiveness

Optional: The Control Effectiveness field is for documentation purposes only and does not get involved in the automated calculation of the residual Risk rating. The Control Effectiveness is the overall effectiveness of all active Actions.

When the option for Activate Control Effectiveness Matrix is set in System Settings, this field is not editable because it is derived from the Control Design and Control Implementation.

When the option for Activate Control Effectiveness Matrix is cleared in System Settings, select a Control Effectiveness from the drop-down list.

Controls Adequate

Optional: Can be used to indicate whether the Actions/controls in place are adequate to mitigate the Risk. It is for documentation purposes only and is not included in the automated calculation of the Residual Risk rating.

Acceptable

Optional: Can be used to indicate whether the level of Risk is acceptable to the organisation. It is for documentation purposes only and is not included in any automated calculations.

Action Reductions

Required: This field will default to By Level or By Percentage, as specified on the Formula tab of the System Settings. It can be changed here so that automated calculation of residual Risk performs the calculation using level reductions (e.g. 1 or 2 levels) or percentage reductions (e.g. 25% or 50%).

Note: When the Default Action Reduction is set on the Formula tab of the System Settings, and Lock is also selected, the Action Reductions cannot be changed here.

Set For Opportunity

If the current Risk relates to an opportunity, check the Set for Opportunity box so that later you can produce reports related to opportunities separately. (For example, select the Executive Summary Report and configure it to make the Opportunity column visible.)

Print Button

Click the Print button to create a Risk Detail report which contains the selected Risk detail on one form.

Select the details you want to appear in the Risk Detail report and click Print or Export.

The Risk Detail report is displayed in a new browser window. From here you can print the report, if required.

Replicate Button

You can create a new Risk by copying an existing Risk. You will then need to change Title before you can save the Risk. The new Risk will have the same settings as the original with the exception of the following:

• The name of the User who copied the Risk appears in the Recorded By field.
• The Item ID is automatically created when Autogenerate Codes is selected on the System tab and the copied Risk is Saved.

Note For Administrators: Select the System tab, then select System Settings and select the General tab. The Autogenerate Codes option is on this page.

• Actions are not copied and therefore there will be no Actions associated with the copied Risk.
• The dates on the Ownership and Dates tab are revised as appropriate (for example, Date Next Review will be recalculated).
• Data fields on the Financial tab are cleared (because no Actions are associated with the copied Risk).
• Edit the copied Risk as required and Save the Risk.

When Show Additional Enterprise Structure is selected, you can copy (Replicate) a Risk to another Function or Initiative.

Note For Administrators: On the System tab select System Settings. Then select the Workflow tab. The Show Additional Enterprise Structure option is in the section with the title Workflow forms.

Replicate With Actions Button

You can create a new Risk and Actions by copying an existing Risk and its Actions. You will then need to change the Risk’s Title before you can save it. The new Risk will have the same settings as the original with the exception of the following:

• The name of the User who copied the Risk appears in the Recorded By fields (for the Risk and the Actions).
• The Item ID (for the Risk and Actions) is automatically created when Autogenerate Codes is selected on the System tab and the copied Risk is Saved.

Note For Administrators: Select the System tab, then select System Settings and select the General tab. The Autogenerate Codes option is on this page.

• The dates on the Ownership and Dates tab are revised as appropriate (for example, Date Next Review will be recalculated).
• Edit the copied Risk as required and Save the Risk.

When Show Additional Enterprise Structure is selected, you can copy (Replicate) a Risk to another Function or Initiative.

Note For Administrators: On the System tab select System Settings. Then select the Workflow tab. The Show Additional Enterprise Structure option is in the section with the title Workflow forms.

Route To

Work is routed to specific people (or User Groups) via the Route To button on the main Risk form.

This buttons allows work (on Risk, Action or control) to be routed to another user regardless of whether they are currently associated with the work. It also allows different parcels of work to be routed to different people (e.g. for approval of two different treatments), or the same parcel of work to be routed to multiple people (e.g. for optional review and comment).

Staple Button

Risks are created by division, department, location, and so on, or by Risk rating level. However, sometimes you might want to manage a group of Risks regardless of their home business unit or their Risk ratings.

If, for example, the members of the Board of Directors have nominated a number of things they want attended to before the next board meeting, you are able to create Stapled Groups. You then staple any relevant Risk to that Stapled Group and manage them as a group regardless of their home business unit.

Before risks can be stapled, Activate Risk Stapling must be checked in System Settings. Also, a Stapled Group needs to be created by selecting the Risks tab, then select Stapled Risks and click the New Group button.

After a Stapled Group is created, a Risk can be associated with it via the Staple button at the bottom of the Risk form in View mode.

The list of Risks which have been Stapled together can be viewed by clicking the number in the Risks column for the appropriate Stapled Group.

Note For Administrators: On the Risks tab, select Stapled Risks to edit and create Stapled Groups.

If a Risk has already been Stapled, the button at the bottom of the view form will change from Staple to Stapled.

To remove a Risk from a Staple Group, select Stapled Risks from the Risks tab, click on the number of Risks in the Stapled Group.

The Risk which have been Stapled to that group are listed. Click Remove to remove the Risk from the Stapled Group.

In the Risk Search Results and Reports (Risk List, Actions Status, Executive Risk Summary) if the Stapled column is included in the Report it is displayed as SG (for Stapled Group). Stapled Risks have a tick in the SG column.

Standard Button

The Standard button is displayed in Risk View mode if the current linked Risk Event has an associated standard. Standards are configured in the Reference Data, and optionally associated with Risk Events in the Reference Data.

Note For Administrators: Please refer to the OpRiskControl System Administrators’ Guide for more information about configuring a Standard for a Risk Event.

Document Name

Optional: Enter the name (including file path) of any Risk document if the document relates to this specific Risk. You can Browse for the document to capture the path and name.

Created

Optional: Enter the date the document was created, or at least attached to the Risk. The date defaults to the current date.

Author

Optional: Select the author of the document if the author is on the user list, or leave blank.

Revised

Optional: Enter the revised date if the document was revised, or leave blank. If the document details are changed, the system uses the current date by default. However, this can be edited, or left blank.

Version

Optional: Enter the document version number, or leave blank. This is a free format text field and is not validated in any way.

Attached By

Optional: Select the user who revised the document if the user is on the user list, or leave blank.

Security Class

Optional: Enter the document security code, or leave blank. This is a free format text field and is not validated in any way.

Status

Optional: Enter the document status code, or leave blank. This is a free format text field and is not validated in any way.

Stakeholder

Apart from Risk contact, Risk owner and Action owner, additional people might be interested in a particular Risk.

Stakeholders can be selected from the list of users and contacts. If a stakeholder needs to be alerted if anything changes in relation to the Risk, then select Alert.

Both Type and Review Date are optional. A typical Type will be Reviewer in free text. If a Review Date is set, it will be picked up in the Notification Manager under Updates and Reminders, Risk Reminders.

Alerts

Stakeholder alerts requires the Notification Manager. There are two types of alerts:

1. A user has been added to the list of stakeholders.
2. The Risk has been updated in some way.