Risk workflow

This article explains the rights of drafters and validators, from drafting a risk, to its validation and its mitigation.

Table of contents

Actors

When you create a risk you must choose:

  • one or more drafters: they can edit the risk, request a review, and create risk mitigation steps (RMS).
  • one or more validators: they can validate the risk and request a review.

To find out more about risk creation and how to select drafters and validators, see Creating a risk.

Workflow

Statuses

Each risk goes through a number of statuses:

  • Being drafting

  • Being validated

  • To be reviewed

  • Validated

You can view the current status of a risk:

The "Edit risk" and "Manage risk" pages

There are two types of risk pages:

  • Edit risk page: this page allows you to draft and validate a risk. This is where the heart of the workflow takes place.

  • Manage risk page: on this page you can mitigate a risk and obtain the net risk.

Rights on the "Edit risk" page

This section describes the actions that each type of actor can perform on the "Edit risk" page, in each status.

Being drafted

When a risk is created, its status is Being drafted.

 

In this status, only drafters have rights. They can create and edit the risk. Once they have finished editing the risk they click the Submit for validation button: the status switches to Being validated.

Being validated

In this status, several actions are possible depending on whether you are a validator or a drafter:

  • if a validator considers that the risk is described accurately and fully, they click the Validate button. The status switches to Validated.
  • if a validator considers that the risk requires changes or additional information, they click the To review button. The status switches to To be reviewed.

  • if a drafter wishes to modify the risk, they click the Review button. The status switches to To be reviewed.

To be reviewed

A drafter can edit the risk.

 

When they have finished editing it, they click the Submit for validation button. The status switches to Being validated.

Validated

When the status of the risk is Validated it can no longer be edited. However, if a factor impacting the risk changes, the risk must be updated. This update, or review, can only be requested by a validator, by clicking the Review button. The status switches to To be reviewed.

Summary table

The following table summarizes the rights described above. The right-hand column lists the buttons available for each type of actor, as well as the new status once the button is clicked.

Statuses

Actors

 Can they edit?

Buttons → Status change when clicked

Being drafted / To be reviewed

Drafter

Yes

Submit for validation → Being validated

Validator

No

N/A

Being validated

Drafter

No

Review → To be reviewed

Validator

No

Validate → Validated

To review → To be reviewed

Validated

Drafter

No

N/A

Validator

No

Review → To be reviewed

 

If a person is both a drafter and a validator, they have the following rights:

  • Drafter rights in the Being drafted and To be reviewed statuses;
  • Validator rights in the Being validated and Validated statuses.

Rights on the "Manage risk" page

On the manage risk page, only drafters can create and select risk mitigation steps.

Coming soon: each time a risk changes status, the concerned actors will receive an email and a notification in the DLD Anti-corruption solution. The actor who triggered the status change will not receive a notification.