Category Management for ERM
In SysRisk, creating risk entries initiates all subsequent system operations, such as generating statistics, making suggestions, and providing updates. Therefore, the ability to create and manage risk entries is the most critical feature within the system.
While only admins and product admins can create risk entries, category management plays a key role in ensuring that general users have access to relevant risk categories. Without proper category access, general users will be unable to select any category for their risk entries.
Admins and product admins can create risk entries under any category by default and do not need to be assigned to a category to create risks. However, to be assigned to a role within a risk entry—such as owner, reviewer, or approver—they must be added to the relevant category. The same rule applies to risk closure access: it is only available to admins and product admins after they are added to specific categories.
General users, on the other hand, must be added to a category before they can create or be assigned to any risk entries under that category.
This guide provides a detailed process for managing categories and creating risk entries in the Enterprise Risk Management (ERM) module.
SysRisk Risk Categories
SysRisk’s ERM module includes the following eight risk categories:
- Pure Risk
- Business Risk
- Operational Risk
- Technical Risk
- Reputational Risk
- Financial Risk
- Environmental Risk
- Political Risk
Admins and product admins manage access to these categories, determining which categories general users can work with when creating risk entries.
Detailed Process for Risk Entry Creation and Category Management
1. Log in to the SysRisk System
Admins or product admins must log in to the SysRisk account to access category management features.
2. Navigate to the ERM Module
Once logged in, go to the Enterprise Risk Management (ERM) module.
3. Access the Category Management Page
Within the ERM module, select the Category Management page from the product options.
4. View the List of Categories
On the Category Management page, you will see a list of all the risk categories, along with the number of users assigned to each category and an action button for further management.
5. Managing User Access to Categories
Add Users to a Category
Click the action button next to the relevant category to open a subpage dedicated to managing that category.
Assign Users
On the subpage, you will find a drop-down menu with user names. Admins can select the desired user(s) from this dropdown and assign them to the chosen category.
Alongside selecting users, admins can choose to give risk closure access by checking the “With Risk Closure Board” checkbox before clicking Add User.
After clicking Add User, the selected users will appear in the user table below.
View Assigned Users
A table on this subpage lists all users currently assigned to the category:
- If a user is given only category access, the table will show a checkmark under the In Category User
- If the user is given both category and risk closure access, checkmarks will appear in both the In Category User and In Closure Access
Remove or Modify Access
To modify user access:
- Click the View (eye) icon next to a user’s row in the table.
- A toggle panel will open with switches for Category Access and Closure Access.
To remove closure access, turn off the Closure toggle. The user will retain category access.
To remove category access, turn off the Category toggle. This will also remove closure access, as closure access cannot exist without category access.
A user can have category access without closure access,
but a user cannot have closure access without also having category access.
Creating Risk Entries
Once category access is appropriately managed, admins and product admins can proceed with creating risk entries within the assigned categories.
Admins and product admins have access to all categories for the purpose of creating risk entries. However, to be assigned to any role in the risk workflow or receive closure access, they must be explicitly added to the category.
General users must be added to categories in order to create or be assigned to any risk entries under that category.
Effective category management ensures that general users have the necessary access to create risk entries. Admins and product admins are responsible for overseeing this process, which directly affects the system’s functionality. By following these steps, they can maintain streamlined operations within SysRisk’s ERM module, empowering users to manage risks efficiently.
