Uk userguide rismarisk 4 3

User guide RISMArisk Version 4.3

Risma Systems A/S

Lyskær 8

DK-2730 Herlev

Denmark

+45 70 25 47 00

[email protected]

User guide - RISMArisk December 2015

Copyright © 2015 Risma Systems A/S – All rights reserved Page 2

Indhold 1. General Administration - (Administrator) ................................................................... 3

1.1 Create new users .................................................................................................................. 3

1.2 Change user data, including change of password ................................................... 4

1.3 Deactivate and activate user ........................................................................................... 4

1.4 Delete users ............................................................................................................................ 5

1.5 Create Organisation Units ................................................................................................ 5

1.7 Send e-mails to all users .................................................................................................... 6

1.8 Holidays ................................................................................................................................... 6

2. Administration of RISMArisk. (Administrator and Super User) .......................... 6

2.1 Periods ..................................................................................................................................... 6

2.2 Risk type .................................................................................................................................. 7

3. Risk Overview (all user types) .......................................................................................... 7

3.1 Sorting ...................................................................................................................................... 7

3.2 Create risk ............................................................................................................................... 8

3.3 Creating links to RISMAexecution .............................................................................. 10

4. My Risks (All user types) .................................................................................................. 11

5. Reports (Administrator, Super User and Privileged User) ................................. 11

5.1 Creation of reports ........................................................................................................... 11

5.2 Risk matrix .......................................................................................................................... 12

5.3 Risk List ................................................................................................................................ 12

5.4 Correction of data in reports ........................................................................................ 12



1. General Administration - (Administrator)

Administrators have access to all parts of the system and is the only user type who has access to the General Administration. In the General Administration, Administrators can create users and Organisation Units.

1.1 Create new users

To create a new user, press the + in the box named Users. This will lead Administrator to a page in which the following data, related to the new user, must be registered: Name: Type the user’s full name. (Mandatory) Username: Type the username. Numbers, normal letters and capital letters can

be used, however space is not allowed in the username. A minimum of two characters is required. (Mandatory)

Password: Type a password. This password is temporary. At the first login, the

user is asked to change the password. The password must consist of minimum eight characters. (Mandatory)

E-mail: Type the user’s e-mail. This enables the system to send emails to the

user. (Mandatory) Access: Assign access to the user. The four user types are described below.

If the organisation have more than one of Risma Systems’ systems, it is possible to make differentiated access for RISMAcontrols, RISMAexecution and RISMArisk. This allows one user to be Super User in one system, and regular user in another.



An Administrator has access to all functions of the systems and is the only user with access to the General Administration. The symbol of the Administrator is shown with an A. A Super User has access to Administration for RISMArisk, Overview, My risks and reports. However, a Super User cannot create users or Organisation Units. The symbol of the Super User is an S. A Privileged User has access to Overview, My risks and reports. A Privileged User has access to the risks within the organisation unit and underlying units, connected to the user. The symbol of the Privileged User is a P. A regular user has access to Overview and My risks, including the risks, the user has been given access to. The symbol of the regular user, I, is shown with a symbol of a person.

If a user has no symbol, this means that no access is given to any of the systems. The symbol shown in the overview, is the highest level of access the user has in any of the systems. Organisation: Add the Organisation Unit, for which the user is associated. Only one Organisation Unit can be assigned. (Mandatory) Others activities: If a user should have access to others activities, add the

usernames of the persons who the user should have access to. Add the user(s) by pressing the + in the box named, “Allow access to the activities from”.

When a user has access to the activities of another user, the

activities will be shown under the main menu Others Activities, on the front page of RISMAbusiness.

The button Create must be pressed for the user to be saved.

1.2 Change user data, including change of password

A list of all users is available in the General Administration section. Pressing the respective user’s “username” will lead to a page where the user´s user data is listed. Administrator can change all data in the pop-up window. The button Update must be pressed for the changes to have effect.

1.3 Deactivate and activate user

A list of all users is available in the General Administration section. A user with the user number crossed, is a deactivated user. To deactivate a user, press the red X next to the user’s e-mail address. The user number will now be crossed. In order



to activate the user again, press the red X again. The user will now be active again. This is shown by not having the user number crossed. When a user is deactivated, the user has no longer access to the system.

1.4 Delete users

User profiles cannot be deleted from the system. Administrator can, however, overwrite data in a user profile, and thereby delete the previous user data. This can be done by selecting the username of the user who should no longer have access, and change username, password, full name and e-mail address to reflect the new user´s data.

1.5 Create Organisation Units

To create an organisation unit, press the + in the box named Organisation. A pop-up window appears in which the title of the organisation unit can be entered. See an example of an organisation below.

The button Create must be pressed in order to save the Organisation Unit. To create underlying Organisation Units, press the overlying Organisation Unit, under which the underlying unit shall be placed. In the bottom of the pop-up box, you will see two options, Create underlying Organisation Unit and Delete organisation. When creating an underlying Organisation Unit, a unit is created on the level below the chosen organisation unit. It is possible to have organisation units in a total of three levels. To delete an organisation unit, press the organisation unit you wish to delete, and press the button Delete Organisation in the buttom of the pop-up page. When deleting a unit, a warning message will appear, press OK to continue the deletion.



1.7 Send e-mails to all users

Above the list of all users, in the general administration, is the button Send E-mail to all users. By pressing this button, Administrator will get a pop-up window, in which e-mails of all users are listed. This list can be copied to Administrator’s e-mail system by pressing the button Copy using the “Ctr + c” function (“Cmd + c” for Apple products), and then go to the e-mail system and use “Ctr + v” (“Cmd + v” for Apple product). It is only possible to move parts of the list by highlighting it with the mouse, before using “Ctr + c”. This requires, however that “Flash” is installed on the PC or Mac. The function can be used, if Administrator wants to give a general information to the users about the systems.

1.8 Holidays A box named “Holidays” is placed at the bottom of the left column. This is used in RISMAcontrols. It is possible to create holidays in the company. When a holiday/public holiday is created as a holiday, a control cannot have deadline on this day, if the deadline is a calculated frequency.

2. Administration of RISMArisk. (Administrator and Super User) The administration for RISMArisk includes the following two elements: Periods and Risk types.

2.1 Periods To create a new period, click + in the right corner of the box. A new page will appear where the scoring parameters also appear. At the top of the page, enter the period title which can only contain letters and numbers. Under the title, tick the box, "I understand that creating a new period will close the current one." When a new period is opened, the open risks are copied from the current period to the new period. The current period is closed, but users will still have access to view the open and closed risks in the closed period.



Under Scoring Parameter, select between five or six categories for Likelihood and Impact respectively. Below Likelihood, choose the percentage intervals of likelihood. Open the dropdown menu, by clicking the arrow on the right side of the box. Below likelihood, the Financial Impact are defined. Under the heading Financial Impacts, the currency value shall be defined, for example Mio USD. Underneath the percentage interval should be entered. Under Other Parameters 1 and 2, other relevant parameters can be added for the period. Before saving, users should tick the box, “I understand that saving these scoring data and opening risk register means that I cannot change scoring data before I open another period.” When this period is saved, data cannot be changed for this period. Click Save and Open to save the new period. The user will now be directed to the list of all open risks in the new period.

2.2 Risk type In the box named Risk type, the number of open risks is divided between the different types of risks. The number of attached initiatives can be seen under Mitigation plans.

3. Risk Overview (all user types) In the Overview, the user has an overview of all risks the user has access to. Administrator and Super User have an overview of all risks in the system. Privileged Users have an overview of risks within the user’s Organisation Unit, and all risks in underlying Organisation Units. Regular users can only see the risks they are connected to. A user is connected to a risk, when they are added as Responsible, Escalation or Ready for Review. The risks are listed in numerical order.

3.1 Sorting In the top right corner, you can choose to sort by Risk Number, "Likelihood x impact score", "Likelihood x Other impact 1" and "Likelihood x Other Impact 2" (The last two mentioned are only relevant if the period includes other impact). The risks with the highest score will be at the top of the list.



3.2 Create risk A new risk can be created by using the button Create Risk in the top left corner. When pressing Create Risk, an empty data entry page opens with the first available risk number. Title, likelihood, financial impact, other impacts, risk type, organisation, primary risk owner, daily risk owner and risk level are mandatory elements when creating a risk.

Data entry page The following elements are part of the data entry page. Number: The number is automatic when creating the risk. It is not possible to

change the number. Title: Type in the title next to the number. It is possible to change the title

at any time after creating the risk by pressing the title in the data entry page.

Description: Type in a description by pressing the box under Description. A

maximum of 2.000 characters can be used. If this number is exceeded, an error message appears. Correct the text and press Update risk to save the changes.



Likelihood: Add the percentage range of likelihood in the drop-down menu. It is possible to make a comment under the drop-down.

Financial impact: Add the percentage of financial impact in the drop-down menu.

It is possible to make a comment under the drop-down. Other impacts: Add the relevant other impacts in the drop-down menu. It is

possible to make a comment under the drop-down. Risk type: Classify risks from the list of risk types. It is possible to create more

risk types in the RISMArisk administration. Organisation: Add the Organisation Unit. Exactly one Organisation Unit should be

added to each risk. New Organisation Units can be created by Administrator in the General Administration.

Primary Risk Owner: Choose the user(s) with the overall responsibility for the risk

by pressing the + next to Primary risk owner in the grey box in the right side of the window. A list of all users appears. Choose a user by pressing the username. Remove the user from the risk by pressing the x next to the username.

If a user is not found on the list, the user is not registered in the

system. Contact the Administrator to create new users in the system. New users can only be created by Administrator in the General Administration.

Secondary risk owner: Choose the user(s) who has (have) the daily responsibility

for the risk by pressing the + next to Secondary risk owner in the grey box to the right in the window. A list of all users appears. Choose a user by pressing the username. Remove the user from the risk by pressing the x next to the username.

If a user is not found in the list, the user is not registered in the

system. Contact the Administrator to create new users in the system. New users can only be created by Administrator in the General Administration.

Risk level: Choose the relevant risk level from the list by pressing the +. Daily team: Add users who work on this risk. Users associated with the daily

team receive an e-mail when a message is updated in Risma Board. The e-mail includes the message updated in Risma Board, and a direct link to the risk. This function allows you to send a message out to a team. When a user is added to a daily team, the risk is automatically shown in ”My risks” under a separate heading.



Risma Board: The box named Risma Board allows users to communicate and share ideas without including this in the report. To leave a message, write the text in the bottom of the box, and press the white arrow to submit the text.

To gain access to all previous messages, press the button Full Risma Board and a pop-up window will appear with the full version. This allows users to see all previous messages from the users in the risk. To exit the pop-up window, press the white X in the right corner of the box.

Other comments: Add relevant information to the risk. Buttons: At the bottom of the data entry page, the Update button is placed.

The Update button should be used every time a change has been made. If the Update button is not pressed, and you exit the page, the changes will not be saved.

Next to the update button, a Back to overview button is placed. By

pressing this button, you will be navigated to the previous page, without having created the risk.

At the bottom, a Close Risk button is placed. When pressing the Close Risk button, it is no longer possible to edit data in the risk. When a risk is closed, the Close risk button is replaced with a Reopen Risk button. When the Reopen risk button is pressed, it is again possible to edit data in the data entry page.

3.3 Creating links to RISMAexecution At the bottom of the data entry page, a big + with a button called Add Initiatives is placed. To add initiatives to the risk, press the small arrow on the drop-down menu. The dropdown menu displays a list of all available initiatives from RISMAexecution, as well as a search option at the top of the dropdown menu. The dropdown menu allows to select all relevant initiatives for risk. When all relevant initiatives are selected, press the Add Initiatives button, to add the initiatives to the risk. Information of the initiative's traffic lights, title, deadline, status and description is now shown below the data entry page of the risk. When pressing the Update button, the user will be led into the data entry page of the initiative in RISMAexecution. To remove the initiative from the risk, open the dropdown menu below the data entry page of the risk, and untick the initiatives that you wish to remove. Press the Update initiative button, to remove the initiative from the risk.



4. My Risks (All user types)

In My Risks, the user sees a list of all risks where the user is primary or secondary risk owner. The risks, were the user is primary risk owner, is at the top of the list, and risks were the user is secondary risk owner is at the bottom of the page. The risks are listed in number order under each heading.

5. Reports (Administrator, Super User and Privileged User) Administrators, Super Users and Privileged Users can create reports of risks. Find the function under the main menu item called Reports.

5.1 Creation of reports

The main menu item Reports will direct the user to a page in which the criteria for the report is defined. The user can sort the report after the following parameters: People:

• Primary risk owner • Sekundary risk owner

Organisation: • Organisation

Scoring parameters: • Period • Impact type

Type • Risk type • Risk level • Deadline for initiatives connected to the risks. • One of the following two report types must be chosen:



1 Risk matrix 2 Risk list The two different types of reports are described below. When the criteria have been chosen, press Create report.

5.2 Risk matrix When a Risk Matrix is generated, it displays a matrix, including all risks that match the desired criteria, in terms of likelihood and impact. A light blue circle means that the risk has not been updated since last period. Dark blue means that it has been updated within the period. Red means that it has been created within the current period. Green circles are closed risks. When an arrow is shown to a circle, this means that it has been moved within the matrix. It is possible to move a risk directly within the matrix by clicking on the circle, and move it to the wanted location. Press the Save Score Changes button to save the movement. The new location is now stored in the matrix, as well as the data entry page of the risk. In the list, on the side of the matrix, it is possible to go directly to the data entry page for each risk and update data. By pressing the Export Matrix button, the screen will be exported to Microsoft Word. By pressing the Print Matrix button, a new window with the matrix and the risk list appears in a printer friendly format. It is possible to add a title, or a descriptive text, before printing.

5.3 Risk List When a risk list is generated, a list of all risks which matches the desired criteria appears. When pressing the title, the user will be navigated directly to the data entry page. By pressing the button Export List, the list will be exported to Microsoft Excel. By clicking the button Print List, a new window shows the list of risks in a printer friendly format. It is possible to add a title or a descriptive text before printing.

5.4 Correction of data in reports

After creating a report, it is possible to add or change data in the report. Pressing the risk title, will direct the user to the data entry page of the risk. After adding or changing data in the data entry page, the button Update risk must be used, before pressing on Back to report.



This function could, for instance, be used when a report has been made for a meeting, and the decisions from the meeting are documented directly in the system.

Documents

Uk userguide rismarisk 4 3