Note: This article shows the SurePact risk workflow for a grant. The workflow is identical for other SurePact records, including portfolios, projects, and contracts.
This SurePact risk workflow will need to be completed for a record if Self-Assessed Risk Rating was not ticked during record creation.
Note: If this box was ticked, the process follows the self-assessment risk approval workflow.
Each record type has its own sets of risk factors. As an example, for a grant, the Risk Profile step is comprised of two risk factors: Grant Budget Risk Factors and Grant Scope Risk Factors.
Note: For a contract, risk factors include those for the contract itself, as well as risk factors for the contract’s project. The aggregated risk assigned to the contract takes into consideration the risk factors of its project.
The risk profile workflow is the same for all record types.
Each risk factor is comprised of several sub-factors. For each risk factor, each sub-factor must be completed.
Incomplete sub-factors are indicated by an exclamation point icon, and each risk factor can be expanded to open its sub-factors.
You can also click on a sub-factor to open that field within the risk factor.
Each sub-factor has a drop-down with pre-populated options, which depend on the sub-factor type. Some are financial, some are time-based, etc. As an example, the Multiple Project Delivery sub-factor has a choice of project numbers.
For each sub-factor, choose the appropriate response. Include an explanatory note based on the instructions on the left. This produces the risk rating for the sub-factor, which will be used in the overall risk calculation for the entire risk factor.
As you complete the sub-factors, you can return to the risk factor to see its current rating, based on completed sub-factors so far. While there are still sub-factors with exclamation points remaining, the risk factor is not considered complete.
Once all sub-factors are complete, which means all risk factors are complete, click Save Risk Rating.
This moves the workflow to the Risk Review step, where the aggregated risk rating from the previous step is presented. The record Manager must enter a note and click Request Approval.
The approval task will then be assigned to all users assigned record Risk Approver permission. All users with this role must tick either the Approve or Reject box, then click Submit Approval / Rejection.
If the risk profile is rejected, a task will be assigned to the record Manager to redo the Risk Profile step, then return to Risk Review and re-submit for approval.
Note: It is not uncommon to assign multiple record Risk Approvers. Before the Risk Review step can be considered complete, each approver must weigh in. And if any approver rejects the risk profile, the entire Risk Review step starts anew.
Completing the risk review moves record forward in the lifecycle. But you can go back to Risk Review and open the Approval Status List. This displays a history of approvals, rejections, and responses. All Risk Approvers will appear on this list.
The entire risk review / approval process, including dates and notes, can also be found in the Governance Log.
Comments
0 comments
Article is closed for comments.