Risk Approval Overview

The Risk Approval Queue is a crucial component for managing risk governance within the system. It allows authorized users to review, approve, or reject risk entries submitted by risk creators. This feature streamlines the risk approval process by centralizing all pending risk approvals in one interface, ensuring that only authorized personnel can manage and approve the risks.

Key Functionalities of the Risk Approval Queue

Category/Project/Framework Filtering
Users can filter the risks based on the category they are associated with, allowing them to view only relevant risks pending approval.

Approval Permissions
Only the following users can access the Risk Approval Queue:

  • Product Admins: Admins assigned to both the user and admin groups of a module have full approval and rejection rights.
  • Root Admins: Administrators with authority over all modules can approve any risk across all products.
  • Risk Owners: Users who have been designated as the owner of a specific risk can also approve or reject their assigned risks.

Risk Fields in the Queue
The Risk Approval Queue presents essential details for each risk, including:

  • Title: The title of the risk item.
  • Risk Owner: The individual assigned as the owner of the risk.
  • Assigned To: The user responsible for managing the risk.
  • Likelihood: The assessed likelihood of the risk occurring.
  • Impact Severity: The potential damage the risk could cause.
  • Action Options: A set of actions that the authorized user can take (view, approve, reject, or request changes).

Approval Process

  • Detailed View: Users can click on a risk item to view all its details, including the title, description, risk owner, assignee, likelihood, impact severity, potential damage, and mitigation cost.
  • Approval Action: Authorized users (Project Admins, Root Admins, or Risk Owners) can approve a risk directly from the queue. Once a risk is approved:
    • The risk status is updated to “Approved.”
    • The risk continues to the next step in the workflow, if applicable.
    • Notifications are automatically sent to the risk owner, assignee, and risk monitors, confirming the approval.

Reject Risk

  • Rejection Action: Users with approval authority can also reject a risk. Reasons for rejection can be added as comments. Once rejected:
    • The risk status changes to “Rejected.”
    • The risk owner, assignee, and monitors are notified of the rejection and any reasons provided.

Request Changes

  • Comment and Request Changes: Instead of outright rejection, approvers can request modifications to the risk item. They can:
    • Leave comments detailing the changes required.
    • Notify the risk owner and assignee, who can then update the risk and resubmit it for approval.

Notifications and Workflow Integration

  • Email Notifications: Once a risk is approved, rejected, or sent back for changes, the system automatically sends notifications to:
    • The risk owner.
    • The assignee.
    • Risk monitors.
  • SLA Notifications: All actions related to risk approvals, rejections, and comments are integrated with the Risk SLA Notification system, ensuring that notifications and deadlines are aligned with project timelines and service level agreements.
