Good afternoon,
I need help on a topic related to risk management in ARCM.
The risk management cycle is currently as follows:
- Risk Owner performs the risk assessment;
- Risk Reviewer reviews the risk assessment (accept or reject);
- Risk Manager monitors all evaluations;
The question is this: If the Risk Reviewer wants to refuse the evaluation and comment on the reason for the refusal, how can this be done? There is no field for the Reviewer to write in.
When we are talking about other components (for example the tests to the controls, audit, incidents and losses, ...), when the Reviewer decides to reject, it becomes MANDATORY to fill in the field "comment / reviewer remark", but in Risk Management there is no field to fill in (neither obligatory nor optional).
My client is a very complex organization and in each risk assessment cycle there is a strong probability of rejection of evaluations; however, the Reviewer should indicate (in a comment, or something similar) the reason for rejection. BUT currently, when the Reviewer rejects a risk, they send an e-mail (outside of ARIS) to inform the Owner what the reason for rejection was. This is not correct and is unsustainable in the long run, considering that everything should be centered on the ARIS / ARCM platform.
Is there any possibility to configure this?
Thank you!
Ana Rita Lopes
Good afternoon Steffen,
Thank you for the attention to my message.
I forgot to mention that point. Currently the client has version 10 Service Release 6, but it has not yet been passed to production, because the application is in the testing phase.
However the installation that I have used to perform the tests and demonstration is the 10SR5.
According to your comment, in SR6, does the reviewer remark for risk management exist and is it mandatory in case of rejection?
Best regards,
Ana Rita Lopes