Uk userguide rismacontrols 4 3

User Guide RISMAcontrols Version 4.3

Risma Systems A/S

Lyskær 8

DK-2730 Herlev

Denmark

+45 70 25 47 00

[email protected]

User guide - RISMAcontrols December 2015

Copyright © 2015 Risma Systems A/S – All rights reserved Page 2

Indhold 1. General Administration (Administrator) ...................................................................... 3

1.1 Create new users .................................................................................................................. 3

1.2 Change user data, including change of password ................................................... 5

1.3 Deactivate and activate user ........................................................................................... 5

1.4 Delete users ............................................................................................................................ 5

1.5 Send e-mails to all users .................................................................................................... 5

1.6 Organisation........................................................................................................................... 6

1.7 Holidays ................................................................................................................................... 6

2. Administration of RISMAcontrols. (Administrator and Super User) ................. 7

2.1 Accounts .................................................................................................................................. 7

2.2 ControlRisk ............................................................................................................................. 7

2.3 Processes ................................................................................................................................. 8

2.4 Control risk types................................................................................................................. 8

3. Controls Catalogue (all user types) ................................................................................. 8

3.1 Traffic light ............................................................................................................................. 8

3.2 Sorting ...................................................................................................................................... 9

3.3 Create controls ...................................................................................................................... 9

4. My Controls (All user types) ........................................................................................... 12

4.1 Completion of control ..................................................................................................... 12

5. Reports (Administrator, Super User and Privileged User) ................................. 13

5.1 Creation of reports ........................................................................................................... 13

5.2 Report with completed reports. .................................................................................. 14

5.3 Report with pending controls ...................................................................................... 15

5.4 Audit report ........................................................................................................................ 15

5.5 Report of changes ............................................................................................................. 15

5.6 Correction of controls in reports ................................................................................ 15

6. Dashboards .......................................................................................................................... 166

6.1 Status overview ................................................................................................................. 16

6.2 Type of controls ................................................................................................................. 16

6.3 Number of controls .......................................................................................................... 17

6.4 Number of risks ................................................................................................................. 17



1. General Administration (Administrator)

Administrators have access to all parts of the system and is the only user type who has access to the General Administration. In General Administration, Administrators can create users and Organisation Units.

1.1 Create new users

To create a new user, press the + in the box named Users. This will lead Administrator to a page in which the following data related to the new user must be registered: Name: Type the user’s full name. (Mandatory) User name: Type the username. Numbers, normal letters and capital letters can

be used, however space is not allowed in the username. A minimum of two characters is required. (Mandatory)

Password: Type a password. This password is temporary. At the first login, the

user is asked to change the password. The password must consist of minimum eight characters. (Mandatory)

E-mail: Type the users’ e-mail. This enables the system to send e-mails to

the user. (Mandatory) Access: Assign access to the user. The four user types are described below.

If the organisation has more than one of Risma Systems’ systems, it is possible to make differentiated access to RISMAcontrols, RISMAexecution and RISMArisk. This allows one user to be Super User in one system and regular user in another.



An Administrator has access to all functions of the systems, and the only user with access to General Administration. The symbol of the Administrator is shown with an A. A Super User has access to Administration for RISMAcontrols, Controls Catalogue, My controls and Reports. However, a Super User cannot create users or Organisation Units. The symbol of the Super User is shown with an S. A Privileged User has access to Controls Catalogue, My controls and Reports. A Privileged User has access to the controls within the organisation unit and underlying units connected to the user. The symbol of the Privileged User is shown with a P. A regular user has access to Controls Catalogue and My controls, including the controls, the user has been given access to. The symbol of the regular user I is shown with a symbol of a person.

If a user has no symbol, this means that no access is given to any of the systems. The symbol shown in the overview, is the highest level of access the user has in any of the systems. Organisation: Add the Organisation Unit, for which the user is associated. More

than one Organisation Unit can be assigned. (Mandatory) Others activities: If a user should have access to others activities, add the

usernames of the persons who the user should have access to. Add the user(s) by pressing the + in the box named, “Allow access to the activities from”.



When a user has access to the activities of another user, the activities will be shown under the main menu Others Activities on the front page of RISMAbusiness.

The button Create must be pressed for the user to be saved.

1.2 Change user data, including change of password

A list of all users is available in the General Administration section. Pressing the respective user’s “username” will lead to a page, where the user´s user data is listed. Administrator can change all data in the pop-up window. The button Update must be pressed for the changes to have an effect.

1.3 Deactivate and activate user

A list of all users is available in the General Administration section. A user with the user number crossed is a deactivated user. To deactivate a user, press the red X next to the user’s e-mail address, the user number will now be crossed. In order to activate the user again, press the red X again, the user will now be active again. This is shown by not having the user number crossed. When a user is deactivated, the user no longer has access to the system.

1.4 Delete users

User profiles cannot be deleted from the system. Administrator can, however, overwrite data in a user profile, and thereby delete the previous user data. This can be done by selecting the username of the user who should no longer have access, and change username, password, full name and e-mail address, to reflect the new user´s data.

1.5 Send e-mails to all users

Above the list of all users in the general administration, is the button Send E-mail to all users. By pressing this button, Administrator will get a pop-up window, in which e-mails of all users are listed. This list can be copied to Administrators’ e-mail system, by pressing the button Copy using the “Ctr + c” function (“Cmd + c” for Apple products), and then go to the e-mail system, and use “Ctr + v” (“Cmd + v” for Apple product). It is possible to move only part of the list, by highlighting it with the mouse before using “Ctr + c”. This requires, however, that “Flash Player” is installed on the PC or Mac.



The function can be used if Administrator wants to give a general information about the systems.

1.6 Organisation

See an example of an organisation in three levels below.

To create an organisation unit, press the + in the box named Organisation. A pop-up window appears in which the title of the organisation unit can be entered. The button Create must be pressed to save the Organisation Unit. To create underlying Organisation Units, press the overlying Organisation Unit, under which the name of the underlying unit shall be entered. In the bottom of the pop-up box, you see two options, Create underlying Organisation Unit and Delete organisation. When creating an underlying Organisation Unit, a unit is created on the level below the chosen organisation unit. It is possible to have organisation units in a total of three levels. To delete an organisation unit, press the organisation unit you wish to delete, and press the button Delete Organisation in the bottom of the pop-up page. When deleting a unit, a warning message will appear. Press OK to continue the deletion.

1.7 Holidays At the bottom right of the general administration section is a box named Holiday. This function allows you to create "invalid" days in the calendar. This is done by clicking the (+) in the box called Holidays. It is now possible to write the title of the day and find the date in the calendar. After clicking Create, the day is listed below. When a day is defined as an "invalid" day, the deadline of the controls will not appear this day. If you have chosen the option "Calculate deadline from end of



month." Likewise the controls deadline will not occur in the weekend if this frequency is selected.

2. Administration of RISMAcontrols. (Administrator and Super User)

The administration of RISMAcontrols includes the following four elements: Accounts, ControlRisks, Processes and Control risk types.

2.1 Accounts To create Accounts, press the + in the box named Accounts. Type the title in the pop-up window, and press Create to save the account. To change the title, press the name of the account, in the list of all accounts, it is now possible to edit the title. To delete an account, press the red x next to the title. It is only possible to delete accounts, which is not associated with any control. To read how the accounts are associated with controls, see section “3.3 Create Controls”.

2.2 ControlRisk To create Risks, press the + in the box named ControlRisks. Type in the title, in the pop-up window, and choose a Control Risk Type. When pressing the + in the box named Type, in the pop-up window, a list of all risk types appears. Choose a risk type from the list, or create a new. To create a control risk type, type the name in the bottom of the box, and press the + to create. The risk type will now appear in the list of all risk types. Choose the risk type by pressing the name. Press the name again, to remove the risk type from the particular risk. Choose only one risk type per control risk.



To change the title, press the name of the risk in the list of all risks, and it is now possible to edit the title. To delete a risk, press the red x next to the title. It is only possible to delete risks which are not associated with any controls. To read how risks are associated with controls, see section “3.3 Create Controls”. The system allows the user to link a risk, from RISMArisk to RISMAcontrols, if the company has both systems. The link happens when creating a risk, and when pressing Link to RISMArisk. Press the save button to save the risk. The risk will now appear in the list of all risks.

2.3 Processes To create a process press the + in the box named Process. Type in the title in the pop-up window and press Create to save the process. To change the title, press the name of the process in the list of all processes, and it is now possible to edit the title. To delete a process, press the red x next to the title. It is only possible to delete a process, which is not associated with any controls. To read how the process is associated with controls, see section “3.3 Create Controls”.

2.4 Control risk types In the box named Control risk type, the user is allowed to create and delete control risk types. Create a control risk type by pressing the + in the box. Delete the control risk type by pressing the control risk type title.

3. Controls Catalogue (all user types) In the Controls Catalogue, the user has an overview of all controls the user has access to. Administrator and Super User have an overview of all controls in the system. Privileged Users have an overview of controls within the user’s Organisation Unit and all controls in underlying Organisation Units. Regular users can only see the controls they are connected to. A user is connected to a control when they are added as Responsible, Escalation or Ready for Review. The controls are listed in numerical order.

3.1 Traffic light The colors of the traffic light indicate how long time there is before deadline. The system is default set after the following rules, but it is, however, possible to change these settings for each control.

Green: The control shows green up till 7 days before the deadline. Yellow: The control shows yellow when there is less than 7 days to

deadline. Red: The control shows red when deadline is overdue.



3.2 Sorting In the top right corner, you can choose to sort according to Control Number, Deadline or Organisation Unit. Default is always control number. If organisation is chosen, controls will be listed after the name of the organisation, alphabetically and second after control number.

3.3 Create controls New controls can be created by using the button Create Control in the top left corner. When pressing Create Control, an empty data entry page opens with the first available control number. Title, Responsible, Organisation Unit, Deadline and Frequency are mandatory elements when creating a control. Data entry page

The following elements are part of the data entry page. Number: The number is automatic when creating the control. It is not

possible to change the number of the control. Title: Type the title next to the number. It is possible to change the title at

any time after creating the control by pressing the title in the data entry page.

Description: Type a description by pressing Edit to add. A maximum of 2.000

characters can be used. If this number is exceeded, an error message appears. Correct the text and press Update Control in order to save the changes.



Associations: It is possible to connect Accounts, Risks and Processes. See all

elements by pressing the arrow next to the subject you wish to add. Press the element you wish to add to the control. It is possible to add one Risk, one Account and one Process to each control.

Control Risks, Accounts and Processes can be created in the administration for RISMAcontrols by Administrator or Super User

Type: The control is classified by four parameters: Key Control (Yes/No),

Automatic/ Manuel, Preventive/Detective and Preparing /Reviewing. When creating a control, column 1 is set as default.

Responsible: Choose the user(s) responsible for the control by pressing the +

next to Responsible in the grey box to the right in the window. A list of all users appears. Choose a user by pressing the username. Remove the user from the control by pressing the x next to the username.

If a user is not found in the list, the user is not created in the system.

Contact the Administrator to create new users in the system. New users can only be created by Administrator in the General Administration.

Escalation: Choose the user(s), who should receive an e-mail notification, when

the deadline is exceeded. Users are added the same way as Responsible. Users added under Escalation, will automatically receive an e-mail, when deadline is exceeded. E-mails will automatically be sent at 5.00 AM after the deadline.

Ready for review: Choose the user(s) who should receive an e-mail notification

when the control is completed. Users are added the same way as Responsible. User added under Ready for Review, will automatically receive an e-mail when the control is completed. E-mails will automatically be sent at 5.00 AM after the completion.

Organisation: Add the Organisation Unit the control belongs to. Only one

Organisation Unit should be added to each control. New Organisation Units can be created by Administrator in the General Administration.

Links (Requires RISMAcontrols) If the company has both RISMAexecution

and RISMAcontrols, it is possible to create a link between a specific initiative and a specific control. The link is created by clicking the (+) next to Link. Next comes a pop-up box where it is possible to search for a specific initiative. Write text in the box, then click on the button. The search results appear below. To create the link, press the title. The initiative now appears under the heading Links.



When pressing the initiative title, you are led directly to the initiative. A link is automatically created in the initiative, which makes it possible to go back to the control. To remove the link press the (x) next to the title.

Daily team Add users who work with this control. Users associated with the

daily team receive an e-mail when a message is updated in Risma Board. The e-mail includes the message updated in Risma Board, and a direct link to the control. This function allows you to send a message out to the team. When a user is added to a daily team, the control is automatically showed in ”My controls” under a separate heading.

Risma Board The box named Risma Board allows users to communicate and

share ideas without including this in the report. To add text to the conversation, write the text in the bottom of the box, and press the white arrow to submit the text.

To gain access to all previous messages, press the button Show All, a pop-up window will appear with the full version. This allows users to see all previous messages from the users in the control. To exit the pop-up window, press the white X in the right corner of the box.

Deadline: In the right corner of the data entry page, next to the title, deadline

is set. If deadline is not changed, the time of the deadline will be the time of the creation of the control. To edit the deadline, press the date and a calendar will appear. Choose date and time to set the deadline. When the deadline is set, choose the relevant time zone. When pressing the time zone, a box showing all time zones will appear. Press the time zone for the control.

Frequency: The frequency is automatically set to be daily. Change this by pressing daily and a dropdown menu with all options appears. It is possible to choose the following options: daily, weekly, biweekly, monthly, quarterly, biannually and annually.

In addition to the above options, it is also possible to tick the box

named "Calculate deadline from end of month." When this frequency is selected, two boxes are displayed below: working days and before/after. This frequency allows you to select the number of weekdays before/after the last day of the month. The deadline is calculated automatically. The system automatically exclude the weekends. It is possible to create "invalid" days, like vacations and holidays in the general administration section.



Buttons: At the bottom of the data entry page, the Update button is placed. The Update button should be used every time a change has been made. If the Update button is not pressed, and you exit the page, the changes will not be saved.

Next to the update button, a Cancel button is placed. By pressing

this button, you will be navigated to the previous page without having created the control.

In the bottom of the data entry page, the button Copy Control and

Delete Control is placed. When pressing Copy Control, an identical control is created at the next available control number. Information in Risma Board is not copied.

Press Delete Control to delete the control permanently in the

system. When pressing the button, a warning box appears. Press OK to confirm deletion of the control to delete the control permanently from the system. It is only possible to delete a control, when it has not been completed.

After a control has been completed, the Delete Control button is changed to a Close Control button. When a control is closed, there is no deadline, and will therefore not be shown under My Controls. The control is now shown in the control catalogue, and reports with crossed titles.

4. My Controls (All user types)

In My Controls, the user sees a list of up to nine pending controls that the user is connected to. The list is always sorted by deadline and the control which is closest to deadline will be shown first.

4.1 Completion of control When a control is completed, press the button Control Completed. A pop-up window makes it possible to attach files, link to a document and add comments. Attach files by pressing Attach file, which allows you to search in your library. It is possible to attach Word, Excel, PowerPoint and PDF-filer. The document size can be maximum 25 MB per document.



Add a comment by pressing the text Edit to add under Add comment. When the documents are attached, and the comment added, press the button Control Completed. The Control is now completed, and another control with the same control number is created, but with a new deadline depending on the frequency. It is not possible to change the comment of the control after completion. To add a link, type the URL beneath the heading: Add link to document.

5. Reports (Administrator, Super User and Privileged User) Administrators, Super Users and Privileged Users can create reports of controls. Find the function under the main menu called Reports.

5.1 Creation of reports The main menu item Reports will direct the user to a page in which the criteria for the report is defined. The user can sort the report after the following parameters: People:

• Responsible • Escalation • Ready for review

Organisation: • Organisation

Associations: • Risk • Risk type • Account



• Process Type

• Key control Yes/No • Manual/Automatic • Preventive / Detective • Preparing/Reviewing

Deadline • Period • Traffic light

One of the following four report types must be chosen: 1 Completed 2 Pending 3 Audit report 4 Changes The four different types of reports are described below. When the criteria have been chosen, press Create report.

5.2 Report with completed controls. The report includes all completed controls, which meet the chosen criteria, and which had deadline in the chosen period. If no period is chosen, all controls meeting the other criteria within the past 12 month will be shown. If a control is completed when the deadline is overdue, the title will be shown with a red color. Controls, with a black title, have all been completed within the deadline. A See Comments button is placed in the lower right corner of the box in which the controls’ information are presented. By pressing this button, attachments and comments of this particular control is shown. Only comments to controls performed in the selected period appears in the list. When the button See Comments is pressed, a pop-up window appears with a list of all comments and attachments. At the bottom of each control is a button with the test “see all” followed by the number of controls that have been completed in the chosen period. By pressing the button See All, comes a new screen with a list of the controls completed within that control number. This pop-up window includes information about the deadline, and completion date for each time the control has been completed. A red title shows that the control was overdue when it was completed. In the lower right corner of each control there is a See Comments button. By clicking on this, the attachments and comments for each completed controls are shown.



5.3 Report with pending controls This report provides an overview of the pending controls in a selected period. The report contains controls that are not yet completed. The controls are listed in order of categories, with the controls to be carried out first placed in the upper left corner. This is the only report where listings do not happen in numerical order. With no specified period, controls with deadlines within the next month will appear.

5.4 Audit report This report provides an overview of all controls created. The report contains the controls that meet the selected criteria and have deadlines in the selected period. It is irrelevant whether the controls are already carried out or not. A control can only be included once, regardless of whether it had a deadline two or more times in the selected period. The controls are listed in numerical order. If no specified period is selected, all controls that meet the other criteria - regardless deadline, will appear.

5.5 Report of changes The report contains a listing of all the controls that have been changed in the selected period. The controls are listed in numerical order. At the bottom of the box, is the date when the change was made. There is furthermore a See change button. When this button is pressed, a pop-up window appears with a listing of the changes. Press the red X in the top right corner of the pop-up window to return to the report.

5.6 Correction of controls in reports

After creating a report, it is possible to add or change data in the report. Pressing the control title will direct the user to the control data entry page of the control. After adding or changing data in the data entry page, the button Update control must be used before pressing on Back to report. The report has now been updated. This function could for instance be used if a report has been made for a meeting, and the decisions from the meeting are documented directly in the system.



6. Dashboards Four different dashboards are presented under “Dashboards”; Status Overview, Type of control, Number of controls and Number of risks. The organisations and processes are selected at the top of the screen. There is no limit to the number of organisations and processes that can be selected. All charts can be downloaded as image files, png, jpg, svg and pdf or saved in file formats CSV, Excel and json. In addition, all charts can be printed directly from the system. These features can be found by clicking on the arrow to the right of the graph.

6.1 Status overview Status overview includes three charts, which are described below. Overall status Overall status gives a picture of all pending controls. The percentage of controls with more than 7 days to deadline, with less than 7 days to deadline, and the percentage that are overdue is presented as having exceeded the deadline. Status per process Status per process shows how many controls that have more than 7 days to the deadline, less than 7 days to the deadline, or has exceeded the deadline. Overdue controls per employee Overdue control per employee shows for each employee the number of controls, which has exceeded the deadline. The chart distinguishes between whether the employee is responsible for performing or reviewing the control.

6.2 Type of controls Type of controls includes four charts which are described below. Preventive vs. Detective Preventive vs. Detective shows the percentage and number of controls within the selected organisations and processes that are preventive and detective. Preventive vs. Detective per process Preventive vs. Detective per process shows the number of controls that are preventive and detective in each process. Manuel vs. Automated Manuel vs. Automated shows the percentage and number of controls within the selected organisations and processes, respectively manual and automatic. Manuel vs. Automated controls per process Manuel vs. Automated controls per process show the number of controls that are manual and automatic, in each process.



6.3 Number of controls Number of controls shows the number of controls within an organisational unit and process. The chart shows the organisational units horizontally, while the number of controls is displayed in the bar from each organisational unit. Each colour represent a process, which can be seen at the bottom of the chart.

6.4 Number of risks Number of risks shows the number of different risks associated with controls within an organisational unit and process. The chart shows the organisational units horizontally, while the number of controls is displayed in the bar from each organisational unit. Each colour represents a process, which can be seen at the bottom of the graph.

Documents

Uk userguide rismacontrols 4 3