Creating Verification Activities via Risk Assessments
As an alternative to using verification templates to create verification activities, you can create the activities from within a risk assessment worksheet. This is a simplified approach to generating them and reporting for risk assessments.
Verification Control Workflow
The overall process for verification activities via risk assessments looks like this:
Enabling Verification Activities in a Risk Assessment Worksheet
Enable control verification functionality for a “detailed” risk worksheet to display additional fields pertaining to verification scheduling and responsible parties.
Verification information includes the following:
- Control Verifications Enabled (Yes/No) – Select Yes to allow recurring verification activities to be created within the detailed risk assessment worksheet. This allows for a more integrated and automatic verification process than relying on creating independent “actions” alone. (This field is visible if Admin > Configuration Editor > Register Policies > Risk Assessment > Enable Control Assurance is selected.)
- Start/End Dates for Control Verification – Timeframe within which verification activities for the risk assessment can be scheduled
- Default Assessment Category – Determines the default set of responses (defined during system setup in Administration > Editor > Lookups) for control verifications added in the worksheet.
- Frequency for Verification Activity Digest – Determines how often a verification activity digest is generated and sent (daily, weekly, monthly, etc.) via email to the Risk Assessment Coordinator. The digest lists the number of activities initiated, verified, completed, and overdue.
- Risk Assessment Coordinator – The individual responsible for performing the risk assessment
- Verifier – The individual responsible for reviewing the risk assessment
Defining Verification Activity for the Controls
When control verification is enabled for a risk assessment, the additional fields (above) are available in the worksheet. Enter the tasks to be performed for each identified control and set the schedule for them. These tasks will then be grouped based on the assigned implementer and frequency.
- Control Verification – Verification task to be performed
- Control Verification Implementer – Person responsible for performing the verification activity
- Frequency – How often the activity is to be performed between the start and end dates
- Days to Complete – Number of days within which the responsible party must complete the activity
- Assessment Category – The set of responses from which the implementer will be able to select when performing the verification activity. (You can override the Default Assessment Category previously selected in the worksheet Properties.)
The last date on which the activity was completed, the result of the last completed activity, and the next scheduled date will display if there is data to report.
Sending Risk Assessment for Approval
When the risk assessment worksheet is ready for review, select Workflow Actions > Submit for approval.
If necessary, select a different approver/verifier, and then select Send. Once it is submitted for approval, the risk assessment status is updated to Under Review.
Reviewing a Risk Assessment with Verification Activities
When a risk assessment with verification activities is sent for review, the approver/verifier will receive an email notification (and a verification activity will appear in their To-Do list). The link in the email directs them to the risk assessment worksheet.
After reviewing the risk assessment worksheet, the approver can select Review Study from the toolbar and then select one of the following:
- Approve – update the risk assessment status to Complete and automatically activate the schedule for verification activities.
- Reject – inform the coordinator and change the risk assessment status back to Preparation.
The Review Study dialog box shows the number of controls with assurance (verification) activities associated with them.
