Understanding email notifications for risk and control assessments
Who is this article for?
Administrators who need to understand notifications.
Administrator access to the Universe module is required.
Pentana provides optional email notifications to alert and remind Risk Owners when Entity Risks and Controls are due for external re-assessment.
1. Understanding notification types
Pentana offers two types of email notifications:
- Initial Notifications for Entity Risks and Controls
- Reminder Notifications for Entity Risks and Controls
These notifications have specific characteristics:
- They only relate to Entity Risks and Controls (not to Library or Audit levels)
- They only relate to External Assessments (never to Internal Assessments) because the Internal Assessments are the domain of the Audit team
- They are sent with respect to Entity Risks and Controls which do not have a Current External Assessment
2. Preparing for a re-assessment cycle
When you enter a re-assessment cycle you will need to:
- Identify records which need to be re-assessed.
- Set the Business Owners if required.
- Clear any existing External Assessment (which will automatically clear the Notified Date).
- Set the Due Date (to when you need the External Assessment done by).
3. Configuring initial notifications
The Initial Notification has both fixed and configurable criteria.
Fixed criteria:
- Business Owner is set (else there is no one to notify)
- Business Owner has an Email address set (else there is nowhere to send it)
- Current External Assessment does not exist
Additional criteria (which can be changed on the Server Agent by your network administrator):
- Active State is Live
- Risk Type or Control Importance Outcome equals Included
- Due Date is less than Today plus 28 days (the warning period can be varied)
- Notified Date is NOT set (to avoid them being sent more than once)
The Entity Risks and Controls are combined into a single email per Person for each record type. For example, if a Person is the Business Owner of five Entity Risks and 10 Entity Controls, all of which match the other criteria, then they will receive two emails (one with respect to Entity Risks and the other with respect to Entity Controls).
Note: The email parameters (such as Subject and Body) are taken from the Server Agent parameters and can be changed by your network administrator.
Important: It is not possible to refer to individual Entity Risks or Controls in the Body of the email or to Cc the email to other People linked to the individual Entity Risks or Controls, since many records are being consolidated into a single email.
When the Initial notification is sent, each of the affected Entity Risks and Controls has its Notified Date set to Today (to avoid it being included again) and its Respond by Date set to Today plus the Entity Risks Initial Respond By Days value (System Setting). By default, this is configured to give the Business Owner seven days to act before they are sent a reminder email.
4. Configuring reminder notifications
The Reminder notification has both fixed and configurable criteria.
Fixed criteria:
- Business Owner is set (else there is no one to notify)
- Business Owner has an Email address set (else there is nowhere to send it)
- Current External Assessment does not exist
Additional criteria (which can be changed on the Server Agent by your network administrator):
- Notified Date is set
- Respond by Date is less than Today
In your Server Agent configuration you can choose to consolidate the reminders for each Person into a single email or have them sent individually. The former means fewer emails being sent and received, but the latter makes it possible to include in the email Body a URL to the specific Entity Risk or Control to which it relates. The email parameters (such as Subject and Body) are also taken from the Server Agent parameters and can be changed by your network administrator.
When a Reminder notification is sent, the Entity Risk or Control has its Respond by Date set to Today plus the Entity Risks Reminder Respond by Days value (System Setting). By default this is configured to give the Business Owner a further three days to act before they are sent the next reminder email.
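To see how the criteria and date updates in sections 3 and 4 interact over time, the following Python model is added here as an illustration; it is not Pentana's code. The Record class, the function names, the sample data and the once-a-day agent schedule are assumptions, while the 28, 7 and 3 day values are the defaults described above.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

WARNING_DAYS = 28           # warning period; configurable on the Server Agent
INITIAL_RESPOND_DAYS = 7    # default Initial Respond By Days (System Setting)
REMINDER_RESPOND_DAYS = 3   # default Reminder Respond by Days (System Setting)

@dataclass
class Record:                        # hypothetical stand-in for an Entity Risk/Control
    kind: str                        # "Risk" or "Control"
    name: str
    owner_email: Optional[str]       # None = no Business Owner or no Email address
    due: Optional[date]
    live: bool = True                # Active State is Live
    included: bool = True            # Risk Type / Control Importance Outcome = Included
    assessed: bool = False           # a Current External Assessment exists
    notified: Optional[date] = None
    respond_by: Optional[date] = None

def run_agent(records, today):
    """One agent pass: returns (initial, reminders) and updates the dates."""
    initial, reminders = defaultdict(list), []
    for r in records:
        if not r.owner_email or r.assessed:           # fixed criteria not met
            continue
        if r.notified is None:                        # initial notification path
            if (r.live and r.included and r.due is not None
                    and r.due < today + timedelta(days=WARNING_DAYS)):
                r.notified = today
                r.respond_by = today + timedelta(days=INITIAL_RESPOND_DAYS)
                initial[(r.owner_email, r.kind)].append(r.name)  # one email per person and type
        elif r.respond_by is not None and r.respond_by < today:  # reminder path
            r.respond_by = today + timedelta(days=REMINDER_RESPOND_DAYS)
            reminders.append((r.owner_email, r.name))
    return dict(initial), reminders

def simulate(records, start, days):
    """Run the agent once per day (assumed schedule); keep days that sent email."""
    log = {}
    for offset in range(days):
        sent = run_agent(records, start + timedelta(days=offset))
        if sent[0] or sent[1]:
            log[offset] = sent
    return log

def sample_records(start):           # constructed sample data
    owner, day = "owner@example.com", timedelta(days=1)
    return [Record("Risk", "R1", owner, start + 20 * day),
            Record("Control", "C1", owner, start + 20 * day),
            Record("Risk", "R2", owner, start + 40 * day),   # outside the window at first
            Record("Risk", "R3", None, start + 5 * day)]     # no owner: never notified
```

Because both date comparisons are strict ("less than"), the first reminder in this model goes out on day 8 rather than day 7, and a record due in 40 days only enters the 28-day window on day 13.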