Overview

The Camms Risk Action/Risk Treatment Action feature lets you further improve controls and assist the risk management process.

Risk Action Performance Indicators

The performance indicator of a risk action will be denoted by one of the four colour coded performance categories: ‘On Track’, ‘Off Track’, ‘Monitor’ and ‘Not Applicable’, and will display within the Risk Action grid within all Risk Assessment tabs of all Risk Types, Risk Action Details page within all Risk Assessment tabs of all Risk Types, Risk Register or all Risk Types, My Quick Update grid for all Risk Types, My Quick Update Details page for all Risk Types, Risk Actions within Controls, Risk Actions created from completed Audit Recommendations, Linked Risk Actions of completed Audit Recommendations, Risk Action related Dashboard popups, and the Quick Risk Action Search.

Colour Codes

The below standard performance categories will be available:

  • On Track (green) – Indicates that the % completion of the risk action is on track.
  • Monitor (amber) – Indicates that the % completion of the risk action requires close monitoring to get the risk action back on-track.
  • Off Track (red) – Indicates that the % completion of the action is off track.
  • N/A (grey) – Indicates that the performance of the action cannot be calculated.
    Note: A grey coloured 'N/A' tag can be configured for your organisation for all 'Completed' action statuses instead of a green 'On Track' tag. To change this configuration, please contact Camms Support on support@cammsgroup.com..

Performance Calculations

  • Where the action's status is ‘Completed’, the performance would be always set to ‘On Track’.
  • Where the action's statuses are either ‘Deferred’ or ‘Ongoing’, the performance would be always set to ‘N/A’
  • Where an action has the status ‘Not Started’ or ‘In Progress’, the performance will be calculated as below:
    Performance = (Percentage Complete / Target Completion %) * 100
    • Percentage Complete = The actual performance of the action based on the percent complete value added (between 1 – 99). This is added by the user in the ‘% Completion’ field within the risk action.
    • Target Completion % = Target will be calculated considering the start and end dates with linear progression, whereby performance would be 0% on the start date, and 100% on the end date. 
      • Target = [(Current System Date - Action Start Date) / (Action End Date - Action Start Date)] * 100%
        Example: If the duration on the action is two months, at the end of the first month, the performance target will be calculated to be 50%.
      • If the ‘Current System Date’ is equal to the ‘Start Date’, then the calculated Target will be 0. In this event, the performance indicator will be shown as ‘On Track’. The performance calculation will be disregarded.
      • If the action has a ‘Start Date’ which is a future date, irrespective of status or % Complete, the performance indicator will be shown as ‘On Track’.

Performance Threshold Values

The threshold values can be configured via Administration > Configuration > Action Progress Threshold, to determine the thresholds for each performance category for the risk action. By default, the below values will be set, which can be changed if required.

  • On Track: If the percentage complete value is greater than or equal to 90 
  • Off Track: If the percentage complete value is less than 70 
  • Monitor: If the percentage complete value is less than 90 and greater than or equal to 70


Risk Action Grid in Risk Assessments

The risk action grid is located within any risk assessment tab for which it is configured for. The edit and delete actions will be displayed at the right corner, next to an added action.

Adding a New Action to a Risk

A new action can be added against a risk by entering the details in the grid in the assessment tab, and clicking the 'Add' button.

To add a new action to a risk:

  • STEP 1: Enter the details as per the table below.
FieldDescription/Instructions

Mandatory/Optional

StrategicOperationalProjectCorporate
Risk Action

Risk Action title

Mandatory
 

 

 
Responsible OfficerAssign a Responsible Person who will be monitoring and reporting on the status of the risk action. This will enable a link to this Risk Action to display on the designated person’s homepage.

The dropdown will list staff names for selection.

Mandatory



 

Business UnitAssign a Business Unit for this risk action. This is the Business Unit where the action will reside.
Note: This will be replaced by a pop up giving link access to the full organisation hierarchy in the new 'Flexible Hierarchy' structure.
Mandatory



Start DateSelect a start date to which this action is due to start.

Click on the calendar icon to select a date.

Mandatory



End Date

Select an end date to which this action is due to complete.

Click on the calendar icon to select a date.

Mandatory
Review FrequencySelect a frequency in the dropdown which the action needs to be reviewed and updated.Mandatory

 



Next Review Date

This field is updated based on the 'Current Review Date' + 'Review Frequency' selected.

Note: Currently, the Next Review Date updates automatically only when the reporting frequency is changed from the Risk Action Details page, and does not work when the reporting frequency is changed from the Risk Solution grid.

Optional
Action StatusSelect the current action status. Generally all actions will start off in a ‘Not Started’ state.Mandatory
Completion DateThe completion date will be automatically filled on the date the action status was changed to 'Completed'. This is editable if required. 

Optional


 

% Completed

If the action status is ‘Not Started’, then leave the % complete as 0.

If the Status is ‘in Progress’ then ensure you enter in a % complete value between 1 – 99.

Mandatory
PerformanceThe performance of a risk action will be denoted by one of the four colour coded performance categories: ‘On Track’, ‘Off Track’, ‘Monitor’ and ‘Not Applicable’.N/A
Control TitleIf an action is linked to one of your controls, you may link the control through this area.
Note: Additionally, Risk Actions can be created and linked through the controls section.
Optional
 

 
  • STEP 2:  Ensure you click on the ‘Add’ button to add your risk action to the table before you save.


Linking an Existing Action to a Risk

Clicking on the ‘Select Existing Solutions/Actions’ button, will let you select an existing action and link to the risk.

Clicking the button will open a pop-up, listing all existing actions for the organisation. Once an existing action is linked to the risk, data will be maintained uniquely for that risk.

The search area is provided in the existing action screen for the user to filter actions.

User Permissions for Adding/Linking Action to a Risk

The editing, deleting, adding is all based on the linked risk user permission.

E.g. If the logged in user does not have permission to edit the risk, the action grid edit/delete and add icons will be disabled.

Actions are checked or newly identified during the risk assessment process. Essentially, when a risk is assessed, you check if there are any existing actions in place to further help the controls which are put in place. The risk actions are taken as global templates. Hence, the title can be edited if you have permission to add/edit a Risk. Once an action is linked to a risk, the progress and other details are edited by the risk/action owner within the risk.

Note: If the configuration in the database to manage risk actions are unique for each linked risk, then the above updates will be managed separately for each risk with which they are linked to. If the configuration in the database is to manage risk actions commonly, then the above updates will be managed in collaboration, and when updated via a linked risk, the updates will reflect across all other risks with which the same action is linked to.

This configuration to manage risk actions commonly can be enabled by an administrator, by enabling the setting accessed via Menu > Administration > Configuration > Settings < Manage Risk Action Commonly.

Responsible people for the actions are assigned by the risk Responsible Officer (or one with a higher permission). Hence, an action owner cannot change their own assignments.


Risk Action Details

Navigate to the actions detail screen from the action register or from the action grids in the ‘Assessment’ screens by clicking on the hyperlinked action title.


The following details for the risk action can be seen here:

  • Risk Action title
  • Responsible Officer
  • Department
  • Start Date
  • End Date
  • Reporting Frequency
  • Completed Date
  • Next Update Required showing the next review date for the action
  • Linked Risks
  • Action Status – The below standard action statuses will be available:
  • Not Started – When the action has just been added and has 0% progress, the status will be automatically assigned as Not Started. This can be changed as and when the action progresses.
  • In Progress – Any progress between 1% to 99% will have a status of In Progress. This will default to 10% progress when the status is changed to In Progress at first, but can be updated to have any value between the above range.
  • Deferred – Will mark the deferred actions and will have no progress value. If an action was deferred when it had made some progress, the progress value existed at the point of deferring the action will be saved and locked. This status will be dropped from the overdue action logic throughout the application.
  • Ongoing – Ongoing actions will be marked with this status and will have no progress value. This status will be dropped from the overdue action logic throughout the application.
  • Completed – Marks the completion of an action, automatically setting the 'Completed Date' to the date on which the status was changed to Complete. The progress value will be 100%.
  • Percent Complete (Progress) 
  • Progress Comments 
  • Last Updated By will show the staff member who made the latest update to the action.
  • Time Stamp showing the date and time of the last update.
Notes: An Orgnisational Links column will be displayed to provide insight of the organisational nodes that are associated to the linked risks. 
  • The 'Organisational Links' column is currently applicable only for customers using the new 'Flexible Hierarchy' feature.
  • The 'Organisational Links' column will give you insight to the organisational nodes that are associated to the linked risks.
  • If a linked risk is linked to multiple hierarchy nodes, then the ‘Organisational Links’ column will display all nodes in a comma separated view. In the event there are no linkages, this column will display as 'N/A'.


Linkages

Add to Business/Strategic Plan

This will let an action to be either linked to the planning or organisation hierarchy. Depending on the risk type with which the action is linked to, the hierarchies available for linking would be determined. For Strategic and Corporate risk treatment actions, only the planning (strategic) hierarchy will be available for linking, whereas for Operational risks, both planning and organisation hierarchies are available. Only the organisation hierarchy will be available for Project Risk treatment actions.

The list of hierarchies will be displayed on the left-hand side with a list of all risks, risk treatment actions, and control solutions on the right-hand side. Control solutions will be marked by a red super scripted 'c' against the solution title for easy identification. 

  • STEP 1: A linkage can be made, by dragging the risk/risk treatment action or control solution you wish to link with a hierarchy node from the list, on to the node name.
  • STEP 2: Once a linkage is made successfully, click on either the node or the linked item to display all linkages in the area, in the mid section of the window. The linkages can be deleted by a user with the edit permissions.
  • STEP 3: Furthermore, you can expand the hierarchy tree up to the action/task level and link a risk treatment action with a Camms.Strategy action/task. If there is no existing planning action, you can add the risk treatment action as a new action/task.

Notes:
  • When this is done, a new action/task with the same details as the treatment action will be created in the Camms.Strategy product.
  • The two actions will behave independently despite the linkage, however, the progress information can be synchronised if required. This can be enabled by making a request to Camms Support. Please contact Camms Support if you wish to enable this progress synchronisation feature.

Convert Risk Action to Control

Once an action is completed to be 100%, it can be converted into a control via the below option. Doing so, the same action will be converted to a control with the same title and linked to the same risk, the action was linked to as a control. Within the control, the initial base action will be linked as a control solution.

Create Task from Risk Action

A user with the 'Edit Project Risk' permission will be able to use this functionality to convert a Risk Action/Solution to a Task by clicking on the 'task' icon at the end of each row of the table.

  • Once the 'task' icon is clicked, this record gets added to the Task tab within Camms.Strategy.
Notes: 
  • This feature will be made available only to clients who have purchased the Camms.Strategy product as well.
  • In order to synchronise the information between a task and an action, a parameter (SynchronizeRiskSolutionToActionAndTask) required to be enabled. Please contact Camms Support on support@cammsgroup.com to enable this synchronisation.
  • This feature can be hidden by Camms Support via an internal setting: 'HideConvertToTaskOption'.


Links

Risk Actions and Audit Recommendations

You can create a corresponding audit recommendation from a risk treatment action, and create a link between these two.

There are two ways in which a linkage between a Risk Action and an Audit Recommendation can be created.

1. Using an existing audit recommendation

2. Creating a new audit recommendation

To create a link using an existing audit recommendation:

  • STEP 1: Navigate to the 'Links' tab of the action and click the 'New' button on the right-hand corner of the window.

  • STEP 2: Select 'Audit Recommendation' in the 'Create a new linkage' dropdown. The following multi-select dropdown filters will be displayed, where you can filter from existing audit recommendations in the grid below and create a linkage:
    • Audit Title Select from the list of audit titles to filter from.
    • Audit Finding Based on the selected audit titles, audit findings will be filtered and listed to be selected from.
    • Organisational Links An independent filter to select business units (for standard permission clients) / organisational links (for flexible permission clients) within the organisation hierarchy to filter existing audit recommendations in the organisation. This filter will apply to all audits that have a direct linkage to the business unit / organisational link.
      Note: The filtered Organisational Links are not applicable to the new recommendation that will be created, but is used only to filter existing recommendations.

  • Once filtered, the existing audit recommendations will be listed in the grid below, with the following details:
    • Audit Title This column will display the titles of all audits selected in the filter. Details will be further filtered to list only those that have a direct linkage to the filtered business unit/organisation.
    • Audit Finding This column will display only audit findings that are linked to the selected audit title.
    • Audit Recommendation Number This column will display the audit recommendation number of the existing audit recommendation listed.
    • Audit Recommendation – This column will display the recommendation title based on the selected Audit Title and Finding.
  • STEP 3: To make a linkage, select the 'Link' checkbox next to the listed audit recommendation, and click the save button at the top of the page.
    Note: If any of the listed audit recommendations has the 'Link' checkbox ticked, it will denote that it is already linked, and you will not be able to link it again, since only one Audit Recommendation can be created for one Risk Action for all Risk types.

To create a link using a new audit recommendation:

  • STEP 1: Navigate to the 'Links' tab of the action and click the 'New' button on the right-hand corner of the window.
  • STEP 2: Select 'Audit Recommendation' in the 'Create a new linkage' dropdown.
  • STEP 3: You can filter Audit Titles and Finding Titles in the filters section if needed. If not, from the grid itself select from the following column dropdowns:
    • Audit Title column – This column dropdown will display the titles of all audits in the organisation. If an audit title has been selected from the filter area, the dropdown will be auto populated to the filtered title, but can be changed by selecting another option from the dropdown.
    • Audit Finding column This column dropdown will display the titles of all audit findings in the organisation. If an audit finding has been selected from the filter area, the dropdown will be auto populated to the filtered title, but can be changed by selecting another option from the dropdown. The dropdown will display only audit findings that are linked to the selected audit title.
      Note: A 'View Details' link will be displayed below the audit title and finding title dropdowns, and will let you view the details page of the audit or finding. This will be disabled and in grey colour till an audit/finding title is selected.
    • Audit Recommendation Number column   This column will be automatically populated with the new audit recommendation number upon saving the page.
    • Audit Recommendation Title column – This column will auto populate the risk action titles here. You can edit this detail up to 500 characters.
  • STEP 4: To make a linkage, select the 'Link' checkbox next to the listed audit recommendation, and click the save button at the top-right corner of the page.
    Note: If any of the listed audit recommendations has the 'Link' checkbox ticked, it will denote that it is already linked, and you will not be able to link it again, since only one Audit Recommendation can be created for one Risk Action for all Risk types.

The following mandatory fields will be auto populated in the Audit Recommendation page from for Risk Action Details page.

  • Audit Recommendation Title
  • Audit Recommendation Owner
  • Audit Recommendation Original Due Date
  • Audit Recommendation Review Frequency
  • Audit Recommendation % Complete
  • Audit Recommendation Status
  • Audit Recommendation Comments
  • Organisation Linkages
  • Once saved, the audit recommendation is created and a linkage is created between the audit recommendation and the risk action. The new audit recommendation will be listed in the Audit Recommendation Register too.
  • Once a link is created between an Audit Recommendation and a Risk Action, the following fields can be made to synchronise respectively:
    • Audit Recommendation field: Percentage Complete = Risk Action field: Percentage Complete
    • Audit  Recommendation field: Status Report Summary = Risk Action field: Comment
    • Audit  Recommendation field: Action Status = Risk Action field: Action Status
    • Audit Recommendation field: Responsible Officer = Risk Action: Responsible Officer
Notes: 
  • The above synchronisation will only be made possible, via enabling an internal setting ‘Enable synchronisation of Risk Action and Audit Action’ by making a request to Camms Support. Please contact Camms Support if you wish to enable this synchronisation feature.
  • Once ‘Enable synchronisation of Risk Action and Audit Action’ is enabled, the ‘Link to Risk Action’ column will appear under Menu > Audit Settings > Audit Action Status, letting you map the Audit Recommendation Status against a Risk Action status. The Status field will get synchronised only if the status is mapped. If the mapping is not done, then the Risk Action Status will not synchronise and will be empty within the Audit Recommendation.

  • The Risk Action linkage will display within the ‘Links’ tab of the newly created Audit Recommendation.
  • If you ‘Delete’ the link, this will only delete the linkage between the Risk Action and the Audit Recommendation, but not the Audit Recommendation.