This article discusses risk workflow stages in detail and provides instructions on how to configure them.
If you have a Hub and prefer centralized risk workflow management in the Hub instead, head here to learn more.
Table of contents:
- Getting started
- Stage definition
- Stage access
- Stage requirements
- Connecting and organizing stages
- Approval workflow stages
Getting started
Risk workflow stages allow your organization to effectively combat risks by dictating what can and cannot be done to risks, and what actions are needed for risks at different stages.
For example, you can dictate that your users have to choose a Domain for risks in the Triage stage to be able to move the risk onto the next stage, or that users cannot edit a risk's Treatment Decision until the Active stage.
To get started, head to Risks > Workflow.
(If you are in the Hub, stay in Administration > Custom data.)
If you don't see Workflow under Risk in the Spoke even though the Hub setting is Enabled, you may be missing the permissions grouped under View risk workflow stages.
The 5 default risk workflow stages are:
- Triage
- Assess
- Active
- Review
- Closed
In this example, we have deleted all the default stages and are starting from scratch. Click on Create new workflow stage to get started.
Stage definition
Define the below details in the Stage definition tab.
- Stage name
- Stage details
- Start workflow from this stage - tick this if this is the first stage in your workflow
- Enter from - if this is not the first stage, select stage(s) that can lead to this stage
- Go to - if this is not the last stage, select stage(s) that this stage leads to
Save or go straight to the next tab, Stage access.
Stage access
Select the things a user can do to a risk that is on this stage. By default, all actions can be performed.
Use the arrows (1) to expand each section and turn off any actions you don't want the user to be performing for a risk in this stage. Use the sliders for the sections (2) if you want to allow or disallow every action in the section.
For further details on stage access, head here.
Save or go straight to the next tab, Stage requirements.
Stage requirements
Stage requirements define the entry and exit conditions that must be met before a user can move a risk between stages in the workflow.
NOTE: A risk can be reassigned from a later workflow stage to an earlier one without the need to fulfil the requirements of the earlier stage.
You can create conditions made up of 3 parts using the dropdowns that dictate an action.
Add as many statements as necessary by pressing +. All statements will be And statements, meaning a risk needs to meet all the requirements to proceed to the next stage.
The first part of the condition is a field. This could be a default or custom risk field, a default or custom risk assessment field, or a treatment field.
To remove a condition, click the X icon located to the right of the condition.
The second part of the condition depends on the field type of the first part. Below is a list of what each type has available.
- Dropdown: is one of, isn't one of
- User: is one of, isn't one of, is empty, is not empty
- Date: is empty, isn't empty
- Text: contains, doesn't contain, is empty, is not empty
- Matrix: is one of, isn't one of, is empty, is not empty
The third part of the condition depends on the content of the field.
For further details on stage requirements, head here.
Connecting and organizing stages
When you're done, click Save to save that stage. You can then see a summary of the stage, including its details, access, and requirements.
Add as many stages as your organization deems necessary.
Click the arrow next to a stage's name to minimize it, the pencil to edit it, and the red bin to delete it. Reorder stages by holding the 6 dots to the left and dragging them.
Approval Workflow Stages
Platform administrators can configure approval stages within a risk workflow. Approval stages allow workflow items to pause and await approval before progressing to the next stage.
This feature is optional and is not enabled in all environments. If you would like to enable approval workflow stages, please contact support@6clicks.io.
Configure an Approval Workflow Stage
At the Spoke level, navigate to Risks > Workflow > Create New Workflow Stage > Approval Stage to configure an approval stage within a workflow.
At the hub level, go to Administration > Custom data > Create New Risk Workflow Stage> Approval Stage.
Enter the stage name and any relevant stage details, then select where the stage should transition from and to before selecting Save. You will also have the option to configure the risk to return to the Entry stage, which returns the risk to the standard stage from which the approval was initiated. Where multiple approval stages exist, you can alternatively configure the risk to return to another approval stage.
It is important to configure the approval stage as an Entry Requirement for the workflow stage that the risk will move to the following approval. To do this, navigate to the workflow stage the risk should progress to after approval, then select Entry Requirements > Is Approved/ Is Declined > Select Approval Stage. You also have the option to configure a workflow stage for risks where the approval request has been declined.
In the Stage Approvers tab, at the Spoke level, select the users you wish to assign as approvers, then choose whether all approvers must approve or if approval from at least one approver is sufficient.
In the example below, an approval stage named “Approval Stage 1 Demo” has been created and configured to start from the Active workflow stage. The approval stage is configured to enter from Active and return to the Entry stage from which the risk originated, returning the risk to Active once approved, so the user can then progress the risk to the next workflow stage.
Configure Approvers for Approval Stages
Administrators can define one or more approvers for each approval stage within the workflow configuration.
Approvers are responsible for reviewing and approving workflow items before they can proceed to the next stage in the workflow.
At the Hub level, administrators can select the approver group or user type for the approval stage and configure whether approval is required from all members or from any one member before the risk can progress to the next workflow stage.
At the Spoke level, select the users you wish to assign as approvers, then choose whether all approvers must approve or if approval from at least one approver is sufficient.
Additional Information
Entering an Approval Workflow Stage
When a workflow item reaches an approval stage, its progress is paused until the required approval action is completed. Assigned approvers will be notified and can review the item directly within the platform.
Delete an Approval Stage
Approval stages can be removed from a workflow configuration by platform administrators. Deleting an approval stage will remove the associated approval requirement from the workflow. Please note that by deleting an approval stage, the associated risks will be unassigned from that approval stage.
Notifications
The platform notifies approvers when an item enters an approval stage through both email and in-app notifications.
When moving an item into an approval stage, users must provide:
- Approval comments or notes for approvers to review
Notifications include the following information:
- Item name or identifier
- Item type
- Requester (the user who initiated the approval)
- Approval notes or comments
- Direct link to the item
Notifications are triggered for the following events:
- Approval requested
- Approval completed
- Approval declined
- Approval cancelled
History
The platform records all approval-related events within the item history and audit trail.
Approval history includes the following information:
- Approval stage name
- Requester
- Approver
- Decision outcome (Approved or Declined)
- Comments provided by the approver
- Date and time of the decision
All approval actions are fully traceable to support governance, accountability, and compliance requirements.