Learn how to configure risk workflow in the Spoke
This article discusses risk workflow stages in detail and provides instructions on how to configure them.
If you have a Hub and prefer centralized risk workflow management in the Hub instead, head here to learn more.
Table of contents:
Getting started
Risk workflow stages allow your organization to effectively combat risks by dictating what can and cannot be done to risks, and what actions are needed for risks at different stages.
For example, you can dictate that your users have to choose a Domain for risks in the Triage stage to be able to move the risk onto the next stage, or that users cannot edit a risk's Treatment Decision until the Active stage.
To get started, head to Risks > Workflow.
(If you are in the Hub, stay in Administration > Custom data.)
If you don't see Workflow under Risk in the Spoke even though the Hub setting is Enabled, you may be missing the permissions grouped under View risk workflow stages.
The 5 default risk workflow stages are:
- Triage
- Assess
- Active
- Review
- Closed
In this example, we have deleted all the default stages and are starting from scratch. Click on Create new workflow stage to get started.
Stage definition
Define the below details in the Stage definition tab.
- Stage name
- Stage details
- Start workflow from this stage - tick this if this is the first stage in your workflow
- Enter from - if this is not the first stage, select stage(s) that can lead to this stage
- Go to - if this is not the last stage, select stage(s) that this stage leads to
Save or go straight to the next tab, Stage access.
Stage access
Select the things a user can do to a risk that is on this stage. By default, all actions can be performed.
Use the arrows (1) to expand each section and turn off any actions you don't want the user to be performing for a risk in this stage. Use the sliders for the sections (2) if you want to allow or disallow every action in the section.
For further details on stage access, head here.
Save or go straight to the next tab, Stage requirements.
Stage requirements
Select the things a user has to do to be able to move the risk onto the next stage. By default, there are no conditions here, and users can move the risk in this stage freely onto the next stage.
You can create conditions made up of 3 parts using the dropdowns that dictate an action.
Add as many statements as necessary by pressing +. All statements will be And statements, meaning a risk needs to meet all the requirements to proceed to the next stage.
Remove conditions by pressing the X to the right of them.
The first part of the condition is a field. This could be a default or custom risk field, a default or custom risk assessment field, or a treatment field.
The second part of the condition depends on the field type of the first part. Below is a list of what each type has available.
- Dropdown: is one of, isn't one of
- User: is one of, isn't one of, is empty, is not empty
- Date: is empty, isn't empty
- Text: contains, doesn't contain, is empty, is not empty
- Matrix: is one of, isn't one of, is empty, is not empty
The third part of the condition depends on the content of the field.
For further details on stage requirements, head here.
Connecting and organizing stages
When you're done, click Save to save that stage. You can then see a summary of the stage, including its details, access, and requirements.
Add as many stages as your organization deems necessary.
Click the arrow next to a stage's name to minimize it, the pencil to edit it, and the red bin to delete it. Reorder stages by holding the 6 dots to the left and dragging them.
To learn more about managing risks using the risk workflow, head here.