0
21.1.1
Zurich Patch 4, Zurich, Yokohama Patch 9, Yokohama Patch 6, Yokohama Patch 2, Yokohama, Xanadu Patch 9, Xanadu Patch 4, Xanadu, Washington DC Patch 7, Washington DC Patch 5
The Risk workspace allows the IT Risk Manager and the Operational Risk Manager to view the overall risk posture for your organization, track time-sensitive issues and major losses, and control deficiencies that may increase risks for your organization.
The workspace allows risk managers to:
- Define and manage their organizational risk and control taxonomy.
- Perform risk assessments.
- Assess controls based on design and operational effectiveness.
- Monitor the operational losses and performance of the Key Risk Indicators (KRIs) and the Key Control Indicators (KCIs).
The central issue management capability allows to define a plan of action for remediation and ensure the control gaps are corrected early.
The new user experience highlights the following:
- A default Home page for each user persona displaying actionable insights and quick links.
- A well-organized navigation menu listing modules based on the requirements of each user persona.
- Reimagined conversational risk assessments experience for business users.
- A unified task page to manage and complete GRC tasks efficiently.
- A new visualization that provides a 360° view of GRC relationships.
- Reimagined page layout with contextual information in the side panel for users to complete their tasks more efficiently.
- Record pages that provide a holistic view and actionable insights specific to what is being viewed.
- Persona-based home pages for IT-Risk, Op-Risk, and Business Risk Managers to manage their work efficiently.
- Manage all tasks assigned to a user and their groups from the consolidated task landing page.
- Contextual information about a record to indicate when you need a new 360° relationship viewer and side panels in the records.
- Manage and remediate issues from the comprehensive issue landing page.
- Playbook for seamlessly collecting risk information from first line through guided risk identification workflow.
- Guided experiences for scheduling and managing risk assessments in risk assessment scope and scheduler using the playbook.
- A conversational redesigned guided experience for risk and control assessments with enhanced configurability.
- Redesigned risk heatmap for monitoring and reporting of risk posture.
- Automate risk reporting to senior management and improve risk analysis by visualizing risk trends and movements on the heatmap workbench.
- Review and respond to the metric data efficiently using the Grid UI to provide bulk response and approval for metrics.
- WCAG 2.1 AA compliance making it accessible to all users.
- Enabled Autosave functionality on risk assessment for better user experience.
- New Formula builder in Metric definitions.
- Bulk approval and reassign of risk assessments.
Entity Wise Risk Profile Matrix:
- Matrix Report is a configurable grid-based view in the risk workspace that displays entity-linked data like risks, controls, KRIs, and events. Accessible from the landing and entity pages, it centralizes key details for quick analysis. Users can tailor columns to view relationships clearly and efficiently.
- Risk data is often scattered, making it hard to get a full view of an entity’s risk profile. The Matrix Report brings all related information into one place. This reduces time spent switching views and helps risk managers assess data easily.
- Boosts efficiency by unifying risk insights, helping identify gaps faster. The report improves visibility and supports quicker, informed decisions. This leads to more proactive and streamlined risk management.
[New]
- Introduced an "Active flag" in the GRC Task Page configuration and GRC Choice table; updates to these flags are now reflected in Risk Workspace.
[Changed]
- Converted existing related lists on the Entity record page into User Interface Builder (UIB) pages for a more intuitive experience.
- The ‘Downstream Risks’ list is now moved to Risks page with tabs for Directly Related, Suggested risks, and All Risks.
- The ‘Entity Type’ list has also been moved to a UIB page.
- As part of these changes, customers may experience issues related to custom actions emitting events on the 'Risks' or 'Entity Type' related lists on the Entity record page.
To adopt these changes, please refer to KB2593527 for guidance.
[Fixed]
- Users can now update messages related to the Risk Assessment component without errors.
- Carriage returns in factor comments are now properly recognized in Risk Assessments.
- Fixed localization and right-to-left (RTL) language support issues in Heatmap.
- Removing a risk statement from Risk framework record now only removes the relationship; a separate delete action has been introduced to delete the record.
- Fixed multiple issues on the Business Operations Risk Manager homepage, including drill-down in the ‘Control–Not Assessed’ widget and updating record lists when clicking Heatmap cells.
[Removed]
- Removed the quick edit option for Risk Assessments to ensure that edits are made only on the dedicated Risk Assessment pages.
The following applications are installed automatically when you activate the Risk Management Workspace application:
- GRC: Risk Management (com.sn_risk)
- GRC: Common Workspace Elements (com.sn_grc_workspace)
Permissions and roles:
Role required to install the app: System Admin (admin)