This article explains the second building block of the risk management module being the risk rules. They are the heart of the retraced risk management as it enables you to define rules with the data points that shall impact the risk scores of your network partners/yourself. These rules are set up in a template.
In the following chapters, you will learn the needed steps in creating such a template and important used terms.
How to create an assessment template?
DUPLICATE A TEMPLATE
Before creating a (new) template, you may want to save time and just duplicate one from an existing template. Find out here, how to do that.
CREATE A NEW TEMPLATE
Click the "Risk Management" > "Risk Rules" tab in the left navigation bar.
Click the blue "+ Create Template" button.
Give the template a name and confirm by clicking "Create".
Now you will be redirected to the rule builder (=Edit risk assessment template section) where you can define custom rules based on which your network will be assessed. Note that some information is mandatory in order to use the template for an assessment. Those are:
Title
Prioritization formula
Default severity score
Minimum one rule
Also important to note is that as long as not all mandatory information is defined, the template is in draft mode - it is inactive. As soon as the mandatory information is given, the toggle can be used and you can toggle the template as active for it to be selectable in the assessment creation.
ADD PRIORITY FORMULA
First, define the prioritization formula to identify network partners with the highest priority to lower their risk scores by collaborating on preventive actions. For this, click the blue "+ Add prioritization formula". For example, the formula could be "(severity*likelihood)".
The idea of the prioritization formula is based on the principle of appropriateness which most corporate sustainability due diligence regulation use: Companies have scarce resources and capacities. Most likely, you work with many suppliers but are limited in resources. Hence, there should be a focus on the things that fall into your capacity and that you are able to achieve.
CREATE RULES
Now, you can start adding rules to your template. For this, click "Add new rule" and then "+ Add trigger".
In the where/if sections you define all the datapoints that should be considered in the rule. You basically define the triggers for the likelihood and severity scores to be changed. In the do/this sections you define what happens to the likelihood and severity scores for any of the retraced risk scores if the datapoints are fulfilled or not.
For example, where/if there is a GOTS and ISO certificate, then offset likelihood for 1 and severity for 0. If these certificates do not exist increase likelihood of irresponsible business conduct and forced labor for 1 and severity for 1. You can customize your perspective on which data points should impact a risk factor positively or negatively.
While likelihood defines the data points that have a positive or negative effect on likelihood of specific risks. It asks "How probable is a certain risk to happen/exist?", severity defines which data points shall determine the severity of specific risks. It asks "How bad/big is the impact on the environment/society when a certain risks materializes?". For example, if the rule does not apply to a company, then X happens.
Aside from risk scores being subject to offset and increase, they can also receive a fixed score. For example: If a company does not have GOTS Scope, then the current risk score should be overwritten to 5.
For the same rule, there are mandatory information for its creation meaning a template can only be saved
if not only data point is selected, but also the type. You cannot just select certificate and then leave the type empty as the system needs to know for which certificate it should check. For example: If data point certificates is selected, then the type such as GOTS Scope must be defined.
if you have filled in content in the "Where/If" section, you also need to define what should happen. There needs to be content in the "Do this" section otherwise the system does not know what to do when it finds the triggers you defined in a company.
Similar, you also need to select at least one risk factor in the "Do this" section. Otherwise the system doesn't know again which likelihood and severity it should adapt.
Once all rules have been defined, activate the template by toggling it on.
Do note though that once the template is toggled active, edits are no longer possible. Thus, make sure that all modifications including formula, data points, rules are completed/correct before activation.
🚀 Enhance your decision-making and prepare your business with our Risk Management module. Contact our Customer Success team at [email protected] to learn more and get started!