SoftExpert Risk tasks
This content was translated by artificial intelligence. To request a review, please email documentacao_se@softexpert.com.
Prerequisite
- Access the Task Center menu.
Introduction
Tasks are records generated for users to perform specific actions. They are divided into two categories: Execution and Monitoring .
The follow-up tasks do not need to be performed by the user, although they are responsible for them.
The user needs to complete the execution tasks within a defined timeframe.
See details of the SoftExpert Risk tasks below:
Execution tasks
| Who receives | Users who make up the approval team, associated with the advanced options of the plan to which the evaluated control belongs. |
| When |
The assessment of the plan's control has been completed. This task will only be generated if the "Assessment Analysis Approval Roadmap" field is filled in the plan's advanced options . Additionally, the assessment being performed cannot be the first assessment of the control, and the plan revision must be approved. |
| Purpose | To approve or reject the evaluation of a control. |
| Who receives | Users who make up the approval team, associated with the advanced options of the plan to which the evaluated control belongs. |
| When |
The risk assessment of the plan has been completed. This task will only be generated if the "Assessment Analysis Approval Roadmap" field is filled in the plan's advanced options . Additionally, the assessment being performed cannot be the first assessment of the control, and the plan revision must be approved. |
| Purpose | To approve or reject a risk assessment. |
| Who receives | Users who make up the roadmap responsible for approval, as defined in the plan's validity or renewal settings. |
| When | When submitting a revalidation for approval. |
| Purpose | To approve or reject the revalidation of a plan. |
| Who receives | Users who make up the roadmap responsible for approval, as defined in the validity or revalidation configuration of the plan type in the template. |
| When | When submitting a revised model for approval. |
| Purpose | To approve or reject the revalidation of a plan template. |
| Who receives | Users who make up the script responsible for approving the test results, associated with the test plan configuration. |
| When | The execution of the control test has been completed. |
| Purpose | To approve or reject the result of a control test. |
| Who receives | Users responsible for and members of the teams responsible for control analysis. |
| When |
After controls are included in the plan structure or when a control analysis is associated with a risk analysis. This task will only be generated if a method for evaluating controls has been associated in the Plan Type Assessment tab. Only controls that have not yet been evaluated will be displayed. |
| Purpose | Assess the risk controls associated with the plan for the continuation of its management. |
| Who receives | Responsible users and team members responsible for risk analysis. |
| When |
The inclusion of risks in the plan's structure was carried out. Only risks that have not yet been assessed will be presented. |
| Purpose | Assess the risks associated with the plan for the continuation of its management. |
| Who receives | Users designated as responsible parties in the action plan category. |
| When | The action plan generated from the risk and control analysis has been finalized. |
| Purpose | Inform those in charge that the action plan has been completed. |
| Who receives | Responsible users and team members responsible for the control test. |
| When |
The risk plan must be approved and have a control analysis in its structure with a configured control test. The tests that will be performed over the next 10 days will be displayed. |
| Purpose | Evaluate the risk control analyses to verify their effectiveness. |
| Who receives |
ISO9000 Model : Users who make up the review roadmap, associated with the model. Workflow : Users defined as executors of the workflow activity. These users must have edit control enabled in the model's security list. |
| When |
ISO9000 model :
Workflow : When starting a new review and when it's time for an activity to be executed in the workflow. |
| Purpose | Control the changes and versions of the models included in the system. |
| Who receives |
ISO9000 Model : Users who make up the review roadmap, associated with the model. Workflow : Users defined as executors of the workflow activity. These users must have edit control enabled in the model's security list. |
| When |
ISO9000 :
Workflow : When starting a new review and when it's time for an activity to be executed in the workflow. |
| Purpose | Control the changes and versions of the plans included in the system. |
| Who receives | Responsible users and team members responsible for risk analysis. |
| When | For risk analysis, a treatment with a risk response that requires action and for which no action plan or isolated action has been created or associated. |
| Purpose | To demonstrate that the risk response is being monitored as part of a single action or action plan. |
| Who receives | Responsible users and team members responsible for risk analysis. |
| When | The result obtained in the risk assessment requires a control, and the risk has no associated control analysis. |
| Purpose | To demonstrate that risk control was associated with the risk. |
| Who receives | Users responsible for and members of the teams responsible for control analysis. |
| When | The result obtained in the control assessment requires an event, and the control has no associated event. |
| Purpose | To demonstrate that the result obtained is being controlled by an event (workflow). |
| Who receives | Responsible users and team members responsible for risk analysis. |
| When | The result obtained in the risk assessment requires an event, and the risk has no associated event. |
| Purpose | To demonstrate that the result obtained is being controlled by an event (workflow). |
| Who receives | Responsible users and team members responsible for risk analysis. |
| When | The result obtained in the risk assessment requires treatment, and the risk has no associated treatment. |
| Purpose | To demonstrate that the risk analysis has an associated treatment, confirm the configuration of the risk assessment result. |
| Who receives | Responsible users and team members responsible for risk analysis. |
| When | Risks are included in the structure of a plan that has an associated decision tree, and the questions in this tree were not answered during the risk analysis. |
| Purpose | Identify the Critical Control Points (CCPs) of the risk being analyzed. |
| Who receives | Responsible for requesting the evaluation, as defined in the type or at the time of its issuance. For this task to be generated, the SoftExpert Request component must be part of the solutions acquired by your organization. |
| When | The issuance/approval stage (as configured) has been completed by the appropriate parties in the SoftExpert Request component. |
| Purpose | Allow those responsible to respond to requests for risk assessment or control assessment. |
| Who receives | Responsible users and team members responsible for the model. |
| When | When the default time defined in the validity settings expires, or when the expiration date associated with the pending model plan type is approaching. |
| Purpose | Allow those responsible to review or revalidate the pending plan template. |
| Who receives | Responsible users and team members responsible for the plan. |
| When | When the default time defined in the validity settings, associated with the pending plan type, expires. |
| Purpose | Allow those in charge to review or revalidate the pending plan. |
Follow-up task
| Who receives | Responsible users and team members responsible for the control test. |
| When | The test plan is associated with control analysis. |
| Purpose | Allow the user to monitor the progress of the control tests under their responsibility. |
| Who receives | Users responsible for and members of the teams responsible for control analysis. |
| When | After controls are included in the plan structure or when a control analysis is associated with a risk analysis. |
| Purpose | Allow the user to track the control analyses under their responsibility. |
| Who receives | Responsible users and team members responsible for risk analysis. |
| When | After risks are incorporated into the plan's structure. |
| Purpose | Allow the user to track the risk analyses under their responsibility. |
| Who receives | Users responsible for and members of the teams responsible for control analysis. |
| When | After including or associating events (workflows) in the control analysis. |
| Purpose | Allow the user to track open workflows related to the control analysis under their responsibility. |
| Who receives | Responsible users and team members responsible for risk analysis. |
| When | After including or associating events (workflows) in the risk analysis. |
| Purpose | Allow the user to track open workflows related to risk analysis under their responsibility. |
| Who receives | Users responsible for and members of the teams responsible for control analysis. |
| When | After the inclusion or association of an action plan or a single action in the control analysis. |
| Purpose | Allow the user to track open action plans or isolated actions related to the control analysis under their responsibility. |
| Who receives | Responsible users and team members responsible for risk analysis. |
| When | After including or associating an action plan or a single action in the risk analysis. This association may have been made by including the treatment in the risk or through the Action Plan section of the analysis screen. |
| Purpose | Allow the user to track open action plans or isolated actions related to the risk analysis under their responsibility. |