SE Risk was completely modified in Suite 2.0. The objectives are to simplify integration with the components of SE Suite, adapt the component to meet the main compliance standards (ISO 31.000, COSO, ISO 27.000, PMBOK), standardize the system functionalities, and adapt its ergonomics.
Contexts were removed, which enables the user to see all risk and control plans on the same screen. Accordingly, the menus were adapted to the SE Suite standard.
These changes make it possible to optimize the use of SE Suite generic functionalities, such as generic revision for the risk and control plan, attributes during registration, access security, generic associations, standardization of registration and types (configuration), and the identification mask.
One of the main functionalities of SE Risk is the integration with the other components of SE Suite. To start creating a risk and control plan in this version, the user only needs to associate a plan type with the source, for example by associating a plan type with the process type and/or project type and/or scorecard type.
A risk plan integrated with a component of SE Suite uses the revision of the associated component (in this case SE Process, SE Project, etc.). Integration thus becomes transparent for the user and avoids having to manage different revisions between the component and the risk plan. Once the source object (process, project, scorecard) starts a new revision, a new revision of the risk and control plan is automatically launched.
The user can parameterize the management of the risk and control plan in the menus of the source component. For example, on the process registration screen, the user can open the risk and control plan and parameterize it as necessary, and the user has access to monitoring of the risk and control plan in the process view. Consequently, the SE Risk menu for generating risk plans integrated with components of SE Suite is no longer necessary.
One of the main functionalities of SE Risk is the plan planning and monitoring screen, which has the same ergonomic format with the same views and characteristics. The risk and control plan screen is divided into 6 views: Structure; Risk; Risk matrix; Control; Structure treatment; and Diagram.
Each view has its own functionalities and displays information in a different way. Plan maintenance and building are conducted mainly in the structure view. In this view, the user can add elements, risks, controls, treatments, etc., to the plan.
In the risk, control and treatment views, the system displays the associations in a "grid" view, with filters and a 3rd quadrant giving access to the main functionalities. In these views, the user can edit and delete an analysis associated with the plan. The risk matrix view displays the risks graphically according to their evaluations (Potential, Actual or Residual).
The risk matrix can be viewed by result, amount and element X risk. Amount and element X risk correspond to the summary view of the risk plan in version 1.3.
In the diagram view, the user has a graphic view of the risk and control plan organizational chart. Access control for the risk plan can be customized for the add, edit, delete, list and view operations.
All risk management is centered in a single risk analysis screen. When the user opens the risk analysis screen, the system displays the main risk information with the result of the current evaluation. Its main characteristics are: use of attributes by risk analysis; actual, potential and residual risk evaluation; history of risk evaluations; comments; events (incident, problem and workflow); association with risk; cause with analysis tool; association with consequence; association with best practice; association with objective; documentation (attachment and document); association with action plan; association with project; treatment of risks; association with control; and access security.
The risk treatment functionality in version 2.0 seeks to comply with standards: a risk can have more than one treatment, with different responses for different risks. Besides the response to the risk, each treatment can be associated with an action plan or an isolated action. The user can see the associated treatments in the 3rd quadrant of the risk and control plan screens, and also in a specific view of the treatments associated with risks.
Control management is centered in a single control analysis screen. When the user opens the control analysis screen, the system displays the main information about the control. Its main characteristics are: use of attributes by control analysis; control evaluation and reevaluation; history of evaluations; comments; events (incident, problem and workflow); association with best practice; association with objective; documentation (attachment and document); association with action plan; association with project; association with indicator; association with survey; association with test; and access security.
In test automation, control is integrated with the SE Survey, SE Test and SE Workflow components. After a control has been configured as "automated" and the user has chosen the component where automation will be performed, the system automatically generates survey, test or workflow events. This routine manages these actions automatically; the user only configures the templates and the automation scheduling. After the survey, test or workflow events have been generated, they are associated with the control. Thus, the user can track the number of automation processes that have been executed and when they were executed.
The risk and control plan book is a complete report that contains all information about the plan and its associated risks and controls. This report highlights the events under execution, the action plans under execution, a summary of evaluation results and the main information of the plan. A risk and control datasheet is printed and contains the result of all the associations performed in risks and controls.