Understanding Business Users
Who is this article for?
Users who need to understand Business Users.
No special access or permissions are required.
Pentana provides tailored features for two distinct types of business user, each with different levels of system involvement and access requirements.
1. Understanding the two types of Business User
Pentana meets the specific needs of two distinct types of business user:
- Business users who simply need to respond to their individually assigned actions can use mechanisms external to the Pentana system, for example the Web module
- Business users who have an extensive involvement in the action management life cycles, for example where they act as Action Coordinators with responsibility for the progress of actions in their part of the universe, can access features within Pentana itself
2. Using general action management features
The following features support the action management life cycles generally:
- Ability to define dummy Entities or Processes; these are automatically excluded from management screens such as Audit Coverage and Risk Exposure and provide a container for analysis and tracking of Findings and Actions that would otherwise be unassigned
- Ability to assign Findings (and their associated Actions) to an Entity or Process outside of the originating Audit Scope
- Action Updates with email notifications to help central users manage the follow-up life cycles and to capture the full history of progress against agreed Actions over time
3. Working with external-only Business Users
Features targeted at those business users who will interact only externally to Pentana itself include:
- Automated email notifications to alert the business of draft Findings and their upcoming and overdue Actions
- The Web module will allow the business to submit their responses and progress updates (central users can remain in overall control by selecting whether to accept the responses submitted by the business)
4. Managing Business Users within Pentana
Features in support of business users who have a more extensive involvement in the process, within Pentana itself, include:
- Contacts can be defined as Users within the application
- Contacts can be assigned to an Org Unit and optionally to individual Entities, to determine the scope of the data that they can see (there is an Assign Contacts item on the Entity navigator spine which allows Contacts to have their default Entity-level Role changed for that Entity if required)
- Screens relating to the analysis and management of Findings and Actions are exposed to Contacts, with the data organised from the perspective of the Org Structure and Entities (that is, independently of the Audits from which they originated)
- Ability to hide Spine Items from the Navigational Pane entirely based on role, such that business users will only see a very small subset of the application
- Ability to control which Finding and Action fields are displayed to Contacts, thereby allowing fields intended for audit use only to be hidden from Contacts
5. Understanding Access Roles for Business Users
Access Roles designed specifically for business usage control permissions at Universe and Entity levels:
5.1 Universe Business User
A very restricted role to read data across the universe. For example, business users may be limited to seeing only those entities within their Org Unit scope; they may have no read access to Audits at all.
5.2 Entity Business Manager
Selective permissions with regard to entity-level data, and to manage aspects of the Finding and Action data within their entity scope.
5.3 Entity Business User
Very restricted permissions, such as the ability to edit only data in respect of the items where they are the owner.
5.4 Entity Risk Registers
Business users can be granted permissions to view and even maintain Entity-level Risk Registers if desired.
6. Setting up Guest Auditors
Business users can also be granted an Audit role if desired. Where contacts or business users are seconded into the central team to perform audits as guest auditors, you could potentially adapt their permissions to allow Read Audits = Assigned, so that the business users could then (subject to permissions) perform audits within Pentana in the same way as Staff users.
7. Configuring authentication for Business Users
The main Contacts screen shows Roles and Identities to provision access to the application. Most Contacts will not require access, but those who do must use the same authentication mode (that is, Windows or Certificate authentication) as Staff. Therefore, access would generally only be possible for Contacts who are on the same domain.
8. Assigning specific Contact Roles
There are three specific Roles designed for Contacts.
8.1 Universe Business User
This is a Client Universe Role which allows read access to the Entities and their child data but nothing else.
8.2 Entity Business Manager
This is an Entity-level Role (hence can be varied by Entity) which allows write access to Entity child data.
A business manager would typically be given Universe Business User and Entity Business Manager (along with General Viewer).
8.3 Entity Business User
This is an Entity-level Role (hence can be varied by Entity) which allows limited write access to Entity child data.
A business user would typically be given Universe Business User and Entity Business User (along with General Viewer).