Tips RISMAcontrols Release 4.2 Risma Systems A/S Lyskær 8 DK-2730 Herlev Denmark +45 70 25 47 00 [email protected]


Tips - RISMAcontrols November 2015

Copyright © 2015 Risma Systems A/S – All rights reserved Page 2

Contents

1. About getting started
2. About Administrator’s tasks
2.1 Building an organisation
2.2 User control
2.3 E-mail to all users
3. About Super Users tasks
3.1 About associations to controls
3.2 Link RISMArisk and RISMAcontrols
4. The tasks of privileged users and regular users
4.1 Use of frequency
5. About daily use – completion of controls.
5.1 About attaching files
5.2 E-mail notifications
5.3 About Risma Board
5.4 About copying controls


1. About getting started

The first Administrator was given access when the system was installed. It is recommended to have at least two Administrators, so that at least one person has access to the general administration section during periods of vacation or other absence. Only Administrators can, for instance, provide access to new users or provide new passwords to users who have forgotten their access credentials.

2. About Administrator’s tasks

The Administrator must initially perform the following two tasks:

• Create new users
• Create organisations

The User Guide section “1. General Administration” describes how to create users and organisations.

2.1 Building an organisation

Organisational units are created by Administrators in the general administration section. The organisation has three levels. A multinational organisation may have several geographical areas, such as Europe, Asia and the United States, at the first level; underlying geographic areas, such as countries, at the second level; and departments, such as finance and production, at the third level. See the example below.


2.2 User control

When a user is created, the user level must be decided. The user can be a Regular User, a Privileged User, a Super User or an Administrator. If the company has more than one Risma Systems solution, differentiated access can be given. A user can, for example, be a Super User in RISMAexecution but a Regular User in RISMAcontrols.

There will typically be one or two Super Users in each organisational unit. A Super User has access to create relevant accounts, risks and processes. In addition, Super Users have access to the data entry page on all controls in the system, and they can pull reports on all controls in the system.

Managers and heads of departments will typically be registered as Privileged Users. A Privileged User has access to the controls within their own organisational unit and underlying organisational units. Privileged Users can also pull reports on these controls.

Members of management are typically Privileged Users. Some managers prefer, however, to be Super Users. The reason could, for instance, be that the manager wants to be able to create reports on all controls. It may be a good idea to obtain management approval of the user rights provided.

Employees who are responsible for controls are typically set up as Regular Users and only have access to the controls they are a part of. A Regular User is part of a control when added as "responsible", "escalation" or "ready for review".

2.3 E-mail to all users

In the general administration, the Administrator can send e-mails to all users. This can be used to give a general message to all users about guidelines for using the system, or general messages about the company's control environment.

3. About Super Users tasks

Super Users must first create accounts, risks and processes in the administration section of RISMAcontrols. This can, however, also be done by the Administrators.


The Super Users’ last task is to inform those responsible that the system is ready to use.

3.1 About associations to controls

Associations are used to classify controls in relation to accounts, risks and processes. This makes it possible to pull reports on a specific item. Associations are created in the administration section by a Super User or an Administrator. They can then be assigned to individual controls on the data entry page for the control.

3.2 Link RISMArisk and RISMAcontrols

It is possible to connect RISMArisk and RISMAcontrols if the company has both systems. Assign risks from RISMArisk to controls in RISMAcontrols to show the controls made to prevent and respond to risks in the company.

When a Control risk is created, the screen shown to the right will appear. To connect a risk from RISMArisk to RISMAcontrols, choose the risk in the dropdown menu. When the control risk is connected to the risk in RISMArisk, the control will appear in the data of the specific risk as shown before.


4. The tasks of privileged users and regular users

All types of users can create controls under "Control Catalogue". When a control is created, those responsible must ensure that the description is correct and that the controls are designed properly. For a more specific review of the creation of a control, see section "3. Control Catalog" in the user manual. The information to enter on the data entry page is listed below.


• Title (Mandatory)
• Description
  o The control description should contain information on how the control should be performed, as this gives the user a better position to carry out the controls properly. It is possible to add up to 2,000 characters to the description.
• Assign associations, if any (accounts, risks and processes)
• Deadline and frequency (Mandatory)
• Add users to escalation [1] and ready for review [2].
• Add one – and only one – organisation unit. (Mandatory)

Next to the frequency the time zone should be selected. For multinational corporations, which have offices in multiple time zones, the time zone should be set for the country from where the controls should be carried out.

4.1 Use of frequency

A control will typically occur several times with a certain frequency. The system allows the following frequencies:

• Every week
• Every other week
• Monthly
• Quarterly
• Biannually
• Annually

[1] Users added to Escalation will receive an e-mail when the deadline is overdue.
[2] Users added to Ready to review will receive an e-mail when the control is completed.


When the repetition frequency is set to weekly, it means a new control is automatically created, with a deadline exactly a week after the last deadline. The control is created at the time of completion. Next to the deadline, the time zone is selected. For multinational corporations, which have offices in multiple time zones, the time zone should be set for the country where the controls should be carried out.

5. About daily use – completion of controls.

To complete a control, press the button "control completed" on the control under the main menu item "My controls". Clicking "control completed" opens a pop-up where it is possible to enter comments and attach files.

The company may create general guidelines and requirements for this function. It is recommended to have clear guidelines on which files to upload and what information must be added under the comments. More information makes it easier for the reviewer to gain an overview of completed controls. It is recommended to upload documents as proof of completion, and to use the comment box to explain if there was something to add to the completion of the control.

5.1 About attaching files

It is possible to attach files, or links to a document handling system, when completing a control in RISMAcontrols. When completing a control, the picture on the right is shown. Attach files by pressing Attach file, or add a link by typing the URL. The following types of documents can be attached:

• Word
• Excel
• PowerPoint
• PDF

The size of the document can be up to 25 MB. An attached document is stored as it was when it was attached. The document must be re-attached if it is changed later on. Alternatively, it is possible to attach a link (URL), if the organisation uses a file sharing system, e.g. via SharePoint.


5.2 E-mail notifications

A user added under "escalation" receives an e-mail if the control is not completed before the deadline. It would therefore be a good idea to add the person responsible for the control and the overall manager in this section. In this way, both the employee responsible and the manager are informed if the deadline is not met.

A user added under "ready for review" receives an e-mail when controls are completed. The person who must review the control, as well as a manager, should be added here.

It is possible to add all users to all three places, including your own user. To read how users are added, see section "3.3 creating controls" in the User Guide.

The system is installed so that these e-mails are sent at 5:00 AM CET, unless the customer has expressed other wishes before the installation. This can be changed for the company, but not for the individual user. In practice, this means that users added to "escalation" will receive an e-mail at 05:00 AM the day after the deadline passed. Furthermore, users added to "ready for review" receive an e-mail at 05:00 AM the day after a control is completed.

5.3 About Risma Board

The Risma Board is placed in the bottom right corner of the data entry page. This function can be used by all users with access to the specific control. What is written in the Risma Board will not be included in the reports. This is an informal way to communicate internally about the specific control.

When a control is completed, and a new one is created with a new deadline, the Risma Board is blank. If there are comments to a specific control number, these must be stored in the description, so the information remains in the control when it is created with the new deadline. The Risma Board may be used to ask questions relevant to the execution of the specific control, or in connection with coordination of completion.

5.4 About copying controls

At the bottom of the data entry page for a control is the "copy control" button. This button is used when there are several identical or similar controls, for example if only the responsible should be changed, or a different organisation unit should be added. When pressing the button "copy control", an identical control is created on the first available control number. Use this feature when creating general controls within a specific department, such as economics or production.