Planning risk assessments
No special access or permissions are required.
Planning risk assessments help you evaluate and rate all auditable entities in your audit universe, with each entity-process receiving assessments for associated planning risks.
Understanding planning risk assessments
Each entity-process has a planning risk assessment for each associated planning risk. You can specify an entity type and process type on each planning risk to refine the number of planning risk assessments created.
In the example above, the entity-processes (Alexandria Head Office - General Management, Alexandria Head Office - Legal & Secretarial, and Alexandria Head Office - Treasury) are each associated with seven planning risks: Change, Environmental Factors, Fraud, Size, Reliance on IT Systems, Sensitivity, and Security. This means each entity-process has seven planning risk assessments.
Entity-process properties
The execution tab contains the following properties:
- Owner (set via a person dialogue window)
- Budget Effort (copied from the entity process)
- Score (calculated read-only field)
- Rating (calculated read-only field)
- Sign Off State (shows whether the entity-process period is open, completed, or approved)
Planning risk assessment properties
The execution tab displays:
- Owner – the user responsible for rating the planning risk assessment (taken from the entity owner field, not the entity process owner field)
- Scope State (in or out of scope)
- Rating – the risk score of the planning risk assessment
- Comments – any needed comments
The policy tab shows:
- Description
- Guidance
Filtering data with navigators
The planning risks assessment screen has two navigators for filtering data:
- The first navigator filters by org unit or entity
- The second navigator filters by process area or process
Assigning planning risk assessment ratings
Each planning risk assessment of an entity-process must have a rating before it can be marked as completed.
Each rating has an associated value. You can configure these ratings and their values in Admin > Segmentations > Planning Risks Assessment Ratings.
To assign a rating:
- Select a planning risk assessment.
- Choose a rating from the available options.
The rating and associated score display on the data grid.
Note: The entity-process rating and score will not be calculated until all its planning risk assessments have been rated.
Assessing planning risks in bulk
You can assess planning risks in bulk through the multi-edit functionality.
To update multiple assessments:
- Highlight the planning risk assessments you wish to update.
- Open the properties panel.
- Click the button to edit them.
- Enter the rating.
- Save your changes.
Important: Each entity could have a different matrix configuration. A warning displays if the bulk operation is not valid.
Understanding entity-process risk scores
The entity-process score is set by default to be the average of the associated planning risk assessment scores (this can be changed in system settings).
In the example above, three planning risks have scores of 50, 100, and 0. The entity-process score is calculated as (50 + 100 + 0) / 3 = 50.
A score of 50 gives the entity-process a rating of Medium because this is the rating associated with that value range in Admin > Segmentations > Planning Risks Ratings.
Cells fall into a given planning risk rating if their total score is greater than its value but less than the value of the next rating.
Applying weighting to entity-process scores
For an entity with weighting, the entity-process planning risk score equals the average of planning risk assessment scores multiplied by the weighting.
Signing off entity-processes
Entity-processes within a planning period follow the same lifecycle as other objects in Pentana: open, completed, and approved.
You can mark an entity-process as completed once all associated planning risk assessments have been assessed. The final state of an entity-process is approved.
Adding attachments
You can add attachments to both planning risk assessments and entity-processes.
To add an attachment:
- Use the relevant command on the ribbon.
Alternatively:
- Use the right-click menu
- Drag and drop the attachment onto the data grid
Switching between display modes
The planning risk assessments screen has two display options:
- Entity-Process Periods – shows each entity-process on a separate row, with associated planning risk assessments accessible through the child grid
- Planning Risk Assessments – shows each planning risk assessment on a separate row
Getting prior assessments
You can import assessments from a previous planning period.
To get prior assessments:
- Select the relevant command on the ribbon or right-click menu.
- Choose a planning period from the list.
To import the assessments:
- Select the planning period you wish to get prior assessments from.
- Optionally tick Include Attachments and Override Assessments.
- Click the right arrow.
- Select the entity-processes to get prior assessments from in the audit universe matrix.
- Click Ok.
Note: Prior assessments import where there is no current assessment if the Override Assessment tick box is left unticked. Ticking the box causes all current assessments to be overwritten with prior assessments.