Camms is pleased to bring you the Quarterly Product Release Notification for Camms.Risk.

This quarter we've got a number of exciting new features and enhancements to improve your user experience within the system, which will be available in your Test environment on 11th September 2021 and will be available in your Live instance on 25th September 2021.


1. Flexible field configurations for Operational and Corporate Risk types

Administrators will now be able to configure standard and custom fields for all tabs in Operational and Corporate risks as it is for Strategic and Project risks. Further, you will be able to change the order of fields and setup help text that will be visible when hovering over the field name.

How do you configure this?

  • Users who have ‘Administrator’ permission in static hierarchy (accessed via 'Camms.Risk > Administration > Manage Users') or ‘Risk Setting’ permission in flex hierarchy (accessed via 'Camms.Risk > Administration > Role Management') will be able to configure the Risk fields.
  • The configurability of Risk fields can be accessed in the Field Configuration page in 'Camms.Risk > Framework > Risk Settings > Field Configuration > Operational / Corporate'.

    Note: The tab names for each risk type will display as per your configured labels.

  • The following configurations can be done for all three assessments tabs (Initial, Revised, and Future) and the Risk Review tab for Operational and Corporate risk types.

    Note: If the ‘Future Assessment’ is not ticked via 'Menu > Framework > Risk Settings > Initial Settings', the Future Assessment tab will be hidden.

    • Ordering – The order can be configured by selecting the field by ticking the ‘Ordering’ checkbox and then clicking the up or down arrow keys at the top-right corner of the page. Additionally, the field order can be changed easily by dragging and dropping the field by selecting the field from the three dots in the right-side corner.
    • Label Name The field name can be changed as per client preference by providing the label name in the ‘Label Name’ column.
    • Help Text Help text for each field can be configured under the ‘Help Text’ column.
    • Visibility – The field visibility within each detail page can be configured by selecting this tick box. The visibility of some fields are visible by default, as mentioned below.
    • Mandatory – The mandatory state of the field can be configured by selecting this tick box. Enabling this, would prompt you to enter information and not saving it with a blank value. The required state of some fields are set by default, as mentioned below.
    • My Quick Update A new column named ‘Quick Update’ has been introduced in each of the sub tabs. This will provide the ability to configure the fields in the My Quick Update, expand detailed view. In order for the field to be visible in the expand view, the field must additionally be made visible. The expand view will only show data from either one of the assessment details pages. This is governed by a pre-defined set of logic based on the calculation of the risk rating in either of the three assessments. Please see figure 1.2 for the logic by which the data will be displayed in the expand view.
      The My Quick Update grid will remain not configurable and will remain as per the existing system behaviour.

Figure 1.1: Quick update column to configure visibility within Operational and Corporate risks


Figure 1.2: My Quick update visibility based on risk rating logic
 

Figure 1.3: Rearrange order and add help text for Operational and Corporate risk fields


Initial, Revised, and Future tabs

  • The Initial assessment details page will list the following fields where the visibility and the mandatory state cannot be changed. Therefore, these will be ticked and disabled. However, the visibility of these fields for the Revised and Future tabs can be configured in these respective sub tabs and will appear as labels.
    • Risk Title
    • Risk Active Status
    • Risk Owner
    • Risk Category
    • Risk Code

      Note: The Risk Code field will be the only field among the list above where the mandatory option will be enabled for configuration. The setting 'IsRiskCodeRequired’ in the Initial settings section will be removed and handled via the Mandatory checkbox.

  • The following fields are  configurable for its visibility and its mandatory state. However, data input is only possible within the Initial Assessment tab. It will display only as labels in the Revised and Future Tabs.
    • Business Unit
    • Responsibility Center

      Note: This field is enabled within the Field Configuration area based on the existing parameter ‘RiskResponsibilityCenter’. The visibility of this field for each risk type can now be handled via the Visibility checkbox. Please contact Camms Support on support@cammsgroup.com if you wish to get this field enabled.

    • Teams

      Note: This field is enabled within the Field Configuration area based on the existing parameter ‘ShowTeams’. The visibility of this field for each risk type can now be handled via the Visibility checkbox. Please contact Camms Support on support@cammsgroup.com if you wish to get this field enabled.

    • Risk Secondary Owner

      Note: This will replace the existing setting which could be accessed via Risk Settings > Initial Settings > Multiple Risk Owners.

    • Primary Risk Sub Category
    • Secondary Risk Sub Category
    • Risk Identified

      Note: The setting ‘Risk Identified Required’ in the Initial settings section will be removed and handled via the Mandatory checkbox.

    • Risk Identifier
    • Links
    • Causes
    • Consequences

      Note: The Causes and Consequences fields are enabled within the Field Configuration area only upon activating the internal Bow Tie setting. Please contact Camms Support on support@cammsgroup.com if you wish to get these fields enabled.

    • Risk Appetite Rating
    • Risk Appetite Benchmark

      Note: The Risk Appetite Rating feature must be enabled for these fields to be enabled within the Field Configuration area. The appetite feature can be enabled by selecting the setting ‘Enable Risk Appetite Feature’ within the Configurations page (accessed via 'Camms.Risk > Administration > Configurations > Settings').

    • Additional Controls
    • SWOT Type – Available for Strategic, Operational, and Corporate Risks and customers that have a Camms.Strategy subscription.
    • Show in Environment Analysis – Available for Strategic, Operational, & Corporate Risk and customers that have a Camms.Strategy subscription.
  • The following fields will show/hide within the field configuration area, based on the internal settings ‘EnableFlexibleOrganisationHierarchy’ (Flexible Organisation Hierarchy):
Flexible  Organisation Hierarchy
Static Organisation  hierarchy
Organisation links
Responsibility Center

Business Unit (only for Operational risk)

Teams


Notes:

  • An administrator will require to configure the order of the field ‘Teams’ to be placed after ‘Business Unit’, since it will populate based on its selection of the Business Unit.
  • The Responsibility Center field will display as a button and when clicked, will display the static organisation hierarchy in the order of Business Unit Grouping, Business Unit, and Service Profile.
  • The fields below can be managed assessment wise for its visibility and mandatory state, and will be editable in all three assessments:
    • Risk Assessment

      Note: The visibility of Risk Assessments can now be managed via the Field Configuration area, without having to turn off the visibility via 'Menu > Framework > Risk Settings > Criteria'.

    • Monte Carlo Analysis
    • Risk Treatment
    • Controls
    • Solutions
    • Legislation
    • Business Process
    • Causes (Custom)
    • Consequences (Custom)
    • Existing Controls
    • Future Controls
    • Stakeholder
    • Document Reference
    • Audit Observations
    • Multiline Custom field 01 – 10
    • Custom List field 01 – 20
    • Custom Tick-box 01 – 05
    • Custom Text field 01 – 10
    • Custom Date field 01 – 05
    • Custom Numeric field 01 – 05

      Note: Field configured previously for custom list field 01, 02 and Multiline Custom Fields 01-07 have now been included as standard fields within the Field Configuration area and new custom fields have been introduced instead.

  • The below hyperlinked fields contain extra properties that could be enabled via the Field Configuration area, assessment wise:

Field name
Property name
Description of the property
Risk Assessment
Show Risk Score
By ticking this property, the Risk Score will be displayed in the Detail pages, Register, EIS, and Dashboard area.
Risk Appetite Rating
Show Risk Appetite Score
By ticking this property, the Appetite Score will be displayed in the Detail pages, Register, EIS, and Dashboard area.
Primary Sub risk category
Select only one Risk Sub Category

By ticking this property, it limits you to select only one Primary Sub Risk Category.

Risk Status
Editability only for Risk Manager and Administrator
By ticking this property, only a Risk Manager or Administrator is able to edit the Risk Status tick box.
Note: This property will show only when the internal setting ‘EnableFlexibleOrganisationHierarchy’ is disabled
Risk Status
Editability by any user
By ticking this property, any user is able to make a risk active/inactive.
Secondary Risk Owner
Allow multiple risk owner selection
By ticking this property, it will enable the staff dropdown to be a multi selection, where multiple risk owners can be selected.
Secondary Risk categories
Show Risk secondary sub risk category
By ticking this property, the subcategories for the secondary risk categories will list as a multiple selection dropdown.
Risk Identifier
Risk identifier to be a staff selection
By ticking this property, the risk identifier can be selected from a staff dropdown.


Figure 1.4: Risk assessment – Show risk score setting


Risk Review Tab

  • The ‘Risk Title’ and the ‘Risk Active Status’ fields can be configured to be visible, but cannot be made mandatory, since these are label fields.
  • The following fields will be available, but its visibility and mandatory state cannot be changed for the Risk Review tab, and therefore will be ticked and disabled:
    • Review Frequency
    • Last Reviewed By
    • Last Reviewed Date
    • Next Review Date

  • The following fields that were under 'Menu > Framework > Risk Settings > Review Commentary', has now been moved to the ‘Field Configuration’ area. These fields will be hyperlinked, which will provide an extra setting ‘Read Only’ and when ticked, will display only as read-only fields.
    • Risk Owner Comments
    • Previous 6 Months Highlights
    • Management Comments
    • Next 6 Months Planned Activities
  • The below custom fields have been introduced in the ‘Risk Review’ area:
    • Custom List field 01 20
    • Custom Tick-box 01 05
    • Custom Text field 01 10
    • Custom Date field 01 05
    • Custom Numeric field 01 – 05

Figure 1.5: Risk review tab in Operational and Corporate risks


Field name
Property name
Description of the property
Review > Next Review Date
Update the Next Review Date when the Comment is updated
By ticking this property, the Next Review Date will automatically update based on the selected frequency when a comment is updated.
Review > Next Review date
Editability only for Risk Manager and Administrator

By ticking this property, the Next Review Date field is editable only to the Risk Manager and Administrator.

Note: This property will show only when the internal setting ‘EnableFlexibleOrganisationHierarchy’ is disabled.
Review > Review Frequency
Update Frequency based on the Risk Rating

By ticking this property, the Risk Review Frequency field will automatically update based on the risk rating. 

A frequency can be defined for a risk rating under 'Menu > Framework > Risk Settings > Risk Type'.


2. Introducing Reassign Staff Responsibilities page to Camms.Risk

This enhancement enables the Reassign Staff Responsibilities area to be accessible for customers who only have access to Camms.Risk (previously available in Camms.Strategy), and will further extend its coverage to include transferable responsibilities in the Camms.Risk Incident and Camms.Risk Compliance modules.

How do you configure this?

2.1 For clients using the standard permission structure

  • This page will be accessible for users with ‘Administrator’ or ‘Risk Manager’ permissions within ‘Manage Users’ (accessed via main Menu > Administration > Users > Manage users) page.
    Figure 2.1: Users with administrator or risk manager will be able to access this page

2.2 For clients using the flexible hierarchy permission structure

  • A new permission called ‘Reassign Staff Responsibilities’ will appear under ‘Administration’, under the ‘Risk’ product, within the ‘Role Management’ area. Users with access to the role management area can configure permissions via 'Menu > Administration > Role Management > [New icon / Edit icon of an existing role] > Product [Select Risk] > Risk > Administration > Reassign Staff Responsibilities'.
    Figure 2.2: Reassign staff responsibilities permission for clients who only use Camms.Risk

How does this work?

  • Once the above configuration is done. You will be able to access a new page called ‘Reassign Staff Responsibilities’, which can be accessed via 'Menu > Administration > Reassign Staff Responsibilities'.
    Figure 2.3: Reassign staff responsibilities under administration
  • Select the user whose responsibilities you wish to transfer using the ‘Responsibilities From’ area.
    Figure 2.4: Responsibilities from area in reassign staff responsibilities page
  • Clicking on the ‘Responsibilities From’ will open a popup window, where you can select the staff whose responsibilities you wish to transfer.
    Figure 2.5: Select User in Responsibilities From  in Reassign staff responsibilities page
  • Once a staff member is selected, all responsibilities assigned to that user will appear in the grid below.
    Figure 2.6: Responsibilities of selected user
  • By default, responsibilities belonging to closed incidents will not be shown. If the ‘Show closed items (Incident)’ checkbox is checked, responsibilities belonging to closed records will appear. A prefix ‘Closed’ will appear on the responsibilities, which will allow you to distinguish the responsibilities among open records.
    Figure 2.7: Responsibilities of closed incidents appearing once closed items checkbox is checked


Note: Incident or a Compliance responsibility fields that have been marked as ‘Required for Integration’ in the Incident/ Compliance Object Configuration, will be disabled from transferring to a different user.

Figure 2.8: Fields disabled due to being required for integration


Note: Certain responsibilities related to the Compliance module are important to maintain the integrity of the records history. Therefore, these fields cannot be reassigned using ‘Reassign Staff Responsibilities’. A tooltip will explain the reason as ‘This field is disabled because it is related to the history of the item’ in such situations.

 

Figure 2.9: Fields required to maintain history

  • To reassign responsibilities from the selected user to another, there are two ways to do this. You can either reassign responsibilities individually or as a bulk.

To reassign responsibilities individually:

  • Click on the ‘None’ button against each responsibility within the ‘Assign To’ column. Then select your preferred staff in the list to inherit the responsibilities. With this individual assignment feature you can assign different responsibilities to different staff members.
    Figure 2.10: Responsibilities ready to be assigned to different users

To reassign responsibilities as a bulk:

  • This feature allows you to transfer all the responsibilities or one/several responsibility types from one user to another in one go. You can use the ‘Bulk Reassignment’ feature by selecting a user under the ‘Bulk Reassignment’ button at the top-right corner of the window.
    Figure 2.11: Reassign responsibilities as a bulk
  • Click on Save to reassign all responsibilities to the selected user.
  • To reassign responsibilities by type, select the type by clicking on the ‘Select Responsibility Type’ button.
    Figure 2.12: Reassign responsibilities as a bulk by type

Note: If an Incident or Compliance related object or fields are hidden/deleted using ‘Object Configuration’, then these fields will not appear under ‘Reassign Staff Responsibilities’.

  • Until you click Save, the status of the selected responsibilities will be ‘Pending to Save’. Once you click on the Save button, the responsibilities will be reassigned to the selected user selected in the ‘Assign To’ area. Once saved, the status will change to ‘Successfully Transferred’.
    Figure 2.13: Responsibilities being transferred 


3. Enabling a dedicated Primary Risk Sub Category dropdown

The sub categories for a primary risk category, which was within the 'Sub Categories and Secondary Categories' field, will be separated out, and a new dropdown will be introduced to select the Primary Risk Sub Categories.

3.1 Configuring the Primary Risk Sub Categories field

  • Display the Primary Risk Sub Categories within the dropdown, by configuring this within the ‘Categories’ page (accessed via Camms.Risk  > Menu > Framework > Risk Settings > Categories).
  • Configure the visibility of the Primary Risk Sub Category field within the Initial/Inherent Assessment page for all risk types, within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by enabling the 'Visible' checkbox of the field ‘Primary Risk Sub Categories’.
  • Configure the mandatory state of the Primary Risk Sub Category field within the Initial/Inherent Assessment page for all risk types, within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by enabling the 'Mandatory' checkbox of the field ‘Primary Risk Sub Categories’.
  • Configure the visibility of the Primary Risk Sub Category field within the My Quick Update page for all risk types, within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by enabling the 'Visible' checkbox of the field ‘Primary Risk Sub Categories’ under the column 'Quick Update'.

Figure 3.1: Primary risk sub categories field configuration


3.2 Configuring the Primary Risk Sub Categories field as a single select

  • Configure the Primary Risk Sub Categories field as only a single select field within the Initial/Inherent Assessment page for all risk types, within the ‘Field configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by clicking on the hyperlink of the Primary Risk Sub Category field, and in the popup window, select the checkbox 'Select only one risk sub category ' and save.


3.3 Configuring the Secondary Risk Categories field

  • Display Secondary Risk Categories within the dropdowns, by configuring this within the ‘Categories’ page (accessed via Camms.Risk  > Menu > Framework > Risk Settings > Categories).
  • Configure the visibility of the Secondary Risk Categories field within the Initial/Inherent Assessment page for all risk types, within the 'Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by enabling the 'Visible' checkbox of the field ‘Secondary Risk Categories’.
  • Configure the mandatory state of the Secondary Risk Categories field within the Initial/Inherent Assessment page for all risk types, within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by enabling the 'Mandatory' checkbox of the field ‘Secondary Risk Categories’.
  • Configure the visibility of the Secondary Risk Categories field within the My Quick Update page for all risk types, by configuring this within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration) by enabling the 'Visible' checkbox of the field ‘Secondary Risk Categories’ under the column 'Quick Update'.
  • Configure the Sub Categories for Secondary Risk Categories within the Initial/Inherent Assessment page for all risk types, within the ‘Field Configuration’ page (accessed via Camms.Risk > Menu > Framework > Risk Settings > Field Configuration), by clicking on the hyperlink of the ‘Secondary Categories’ field and in the popup window, select the checkbox ‘Show secondary sub risk categories' and click Save.

Figure 3.2: Secondary risk categories field configuration


Notes: 
  • The field ‘Sub Categories and Secondary Categories’ is now renamed as ‘Secondary Risk Categories’.
  • The property ‘Show Risk Subcategory’ within the field that was under ‘Sub Categories and Secondary Categories’ will be removed.
  • The visible tick box for the 'Primary Risk Sub Categories' field will be automatically ticked for existing clients who had ticked the property ‘Show Risk Subcategory’ previously.

How will this work?

  • If the ‘Visible’ tick box is ticked under the Initial/Inherent column in the Field Configuration page for the 'Primary Risk Sub Categories' and 'Secondary Risk Categories' fields, these will display as a dropdown in the Initial/Inherent Assessment tab, and as a label in other Assessment tabs for all risk types.

Figure 3.3: Primary risk sub categories and secondary risk categories fields displayed as dropdowns in risk assessment page

  • If the property ‘Show secondary sub risk categories’ has been ticked, the ‘Secondary Risk Categories’ dropdown will list the sub categories of the secondary risk categories.

Figure 3.4: Secondary categories dropdown displaying the sub categories


4. User interface updates to enhance usability

Continuing our focus on enhancing your user experience, this release will include the following user interface updates:

  • Appearance and UI for the Next button within Risk tabs
  • System messages that automatically fade out (e.g. successful save messages)
  • Freezing headers in the Consequence rating popup window

Figure 4.1: Next/Previous buttons within Risk tabs


5. Enhancements to the Bow Tie Report to incorporate a Risk Status filter and display Risk Ratings based on visibility

The Bow Tie Report will be enhanced to filter risks based on the status by incorporating a Risk Status filter. Further, the Risk section within the report will be modified to display the risk ratings based on their visibility configurations within the system.

5.1 Visual and Layout Improvements of the Risk Ratings

  • The risk ratings will be adjusted as per the visibility of the number of risk ratings present for each risk type.
  • The appearance of the risk ratings will automatically adjust to represent the risk ratings visible for each risk type as shown below (Please see figures 5.1, 5.2 & 5.3 that visualise the look-and-feel of multiple scenarios).
     
    Figure 5.1: Three risk ratings

    Figure 5.2: Two risk ratings

    Figure 5.3: One Risk Rating


6. Extending the Standard Risk Register Report to accommodate new fields and multiple filtration options

A new column 'Linked Control' has been introduced to show the Control linked to a particular Risk Treatment Action. Moreover, you will now have the ability to filter risk actions by Action Status, while the Organisation Hierarchy Link, Next Review Date, and Last Review Date fields will be depicted by default within the report. Further, you will be able to see a clear distinction between the Primary Risk Sub Categories and Secondary Risk Categories.

6.1 Addition of Linked Control column

  • A new column 'Linked Control' has been introduced to the Standard Risk Register report to view the Controls linked to a particular Action; i.e. if there is a Control that is linked to an Action, the title of that Control will be depicted through this column. 
  • This column will be positioned at the end of the Risk Action columns; i.e. after the ‘Completed Date’ column, and will be grouped against the Actions of a particular Risk. 
  • If a Control is not associated to an action, this column will be empty.Figure 6.1: Linked Control column within the report body
  • You can control the visibility of the column via the static filter ‘Linked Control’ under the ‘Risk Treatment Actions’ grouping, within the ‘Show Fields’ filter.
  • This filter will be unticked by default. Upon enabling, the ‘Linked Control’ column will be depicted within the report.Figure 6.2: Linked control filter

6.2 Ability to filter Risk Actions by Action Status

  • A new multi-select dropdown filter ‘Action Status' will be introduced, and it will consist of all the action status types including: Not Started, In Progress, Completed, Deferred, and Ongoing. This will be defaulted to the ‘Show All’ scenario, where all actions will be retrieved to the report.
  • This enhancement will allow you to filter the Risk Actions within the Risk Register report based on its respective Action Status.Figure 6.3: Action status filter


6.3 Organisation Hierarchy Linkages, Next Review Date and Last Review Date fields will now be depicted by default within the report

  • This enhancement will allow you to extract the Organisation Hierarchy Linkages, Next Review Date, and Last Review Date fields by default into the Risk Register report, as they will now be ticked-on within the ‘Show Fields’ filter, under the Risk Detail and Risk Review filter groupings.Figure 6.4: Organisation linkages enabled by defaultFigure 6.5: Review dates enabled by default


6.4 Clear distinction between the Primary Risk Sub Categories and the Secondary Risk Categories

  • This enhancement will provide you with a clear distinction between the Primary Risk Sub Categories and the Secondary Risk Categories fields. These risk categories will be visible in the report if at least one of the risk types have it enabled. 
  • If there is no data available for a category pertaining to a risk, it will be displayed as blank.Figure 6.6: Primary risk sub categories and secondary risk categories
  • These risk categories are controlled via the filtrations under the Risk Detail filter grouping within the ‘Show Fields’ filter.Figure 6.7: Filters for risk categories


7. Enhancing the Standard Risk Heatmap Report with multiple filtrations and layout updates

The Risk Category field within the report will be modified to clearly segregate the Primary and Secondary Risk Categories. The hierarchy filters will be modified to be compatible with our beta flexible security feature. Moreover, the Risk Status filter will be defaulted to 'Active' wherein, the Risk filter will load only the Active Risks by default, while providing the ability to control the visibility of Actions, KPI's, Incidents, and Risks sections.


The following modifications have been incorporated into the Risk Heatmap Report to provide a more comprehensive view of details.

7.1 Incorporation of Linked Actions, KPI’s, Risks, and Incidents filters

  • For a better usage of the report, four new tick box filters have been introduced in the report filter page, which addresses the linked Actions, KPI’s, Risks, and Incidents of the report.
  • The four new filters will be ticked by default.
  • If the risk does not consist at least one record for a particular section, it will be hidden from the report. Figure 7.1: Filters

Figure 7.2: Linked Risk Actions, KPI's, Incidents, Risks

  • The below image depicts how it would appear if no incident records are linked to a risk. In this case, the entire section will be hidden. Consequently, the same behaviour is followed for other sections.

            Figure 7.3: Suppressed section

7.2 Enhancing visualisation of the Inherent Circles

  • The inherent circles represented in the heatmap of the report will be visualised in a darker grey colour to uplift the look-and-feel of the representation.Figure 7.4: Heatmap


7.3 Incorporating Primary Risk Sub Categories and Secondary Categories

  • The Risk Overview section’s Risk Category has now been incorporated with the Primary Risk Sub Categories and the Secondary Risk Categories fields, based on the visibility.
    • The existing static primary risk category will remain as it is. If any sub categories are associated to it, it will be represented correspondingly along with a dash.
    • This will be followed by any secondary categories and sub categories associated with the risk, and will be subsequently represented.
    • The primary risk category and the secondary risk categories will be displayed in bold and in order of the application, to determine that it is a main category. Whilst the sub categories will be represented in normal text.

Figure 7.5: Risk categories