This article explains the third and last building block of the risk management module being the risk assessments. As the name already indicates, you can assess your network and/or your own company based on the chosen template. Learn how to do so below.
How to assess your network/yourself?
1. Access the "Risk Assessments" tab in the left navigation bar.
2. Click the blue "+Add new" button to start creating a new assessment by choosing a template.
3. Give your assessment a name (=Name) and select the template (=risk rule template). Both are mandatory, while the remaining fields are optional:
Tags: Especially when having many assessments, you may consider tagging your assessments to easily find them in the overview later.
Goal: An example could be "Annual assessment for LKSG 2024".
Auto-recalculation: The data in your network partner's company profile is subject to changes as certificates expire and are renewed, new certificates are being uploaded as well as documents and audits. If you prefer for these updates to be considered in the assessment, feel free to define these settings including until when the auto recalculation should take place.
4. Click "Save risk assessment".
5. Click the "View" Button of the newly created assessment.
6. By default, the first tab displays the details of your assessment and formula (= Template Details). The assessment details can always be edited after creation via the pencil icon.
7. To assess your network partners and/or yourself click the "Assessed Companies" tab. Via "+Add entities to assessment", select all companies that shall be assessed. Confirm your selection by clicking "+Add companies to assessment".
8. Subsequently, those companies will be listed in the "Assessed Companies" tab with the calculated risk scores. Note: As the calculation of all datapoints required by the chosen risk rule template might take a while, we add a status column that indicates if the calculation is done or in process.
How to access the detailed risk assessment of a company?
1. Click the company name in the assessed companies tab of the assessment.
2. The Assessment tab summarizes the risk factors and their calculated gross score based on the likelihood, severity and prioritization formula. Additionally, when clicking on the data in the datapoints columns, you will see the applied certifications, documents, audits that have been considered.
3. The Prioritization tab translates the Assessment tab information into a so-called heatmap. It gives you a quick and easy overview of the facilities in your network with the highest risks visually. Tip: Use the likelihood (low to extreme) and severity (1 to 5) filter to quickly identify respective network partners with high risk profiles.
4. If the auto-recalculation has been set, the risk profile of the facility will be updated as defined. The previous risk profiles are displayed in the history tab.
How to manually mitigate the calculated risk score?
Users are able to manually edit the automatically calculated severity and likelihood scores of individual risk categories in a risk assessment. This is how it works:
Access the risk assessment via the Risk assessments overview and clicking the Assessed Companies tab.
Click the name of the network partner for whom you would like to manually mitigate a risk score.
Click the edit icon for the likelihood and/or severity score of a certain risk factor.
Enter a new value in the modal that opens by clicking the edit button.
Add a remark on why this change is taking place. Note: A manual mitigation can only be submitted if a reasoning is provided. This comes with the advantage that a viewable history of such changes is created simultaneously.
Click "Save".
To view the history, click the speech bubble in the remarks column.
