Risk Management Use Case: Risk Approval
Use Case Description
This use case involves the formal approval of residual risks by the risk owner after the risk treatment has been planned and documented on the risk data card. The risk owner reviews the residual risk details and approves the risk by clicking an approval button. The approval button is visible only for the risk owner when the risk is in the ‘Waiting for approval’ status. This ensures that all documented risks are acknowledged and accepted by the responsible persons.
Example Scenario
An identified risk related to failing to meet regulatory compliance requirements (RISK-000039) needs to be approved by the accountable manager, Carter Leo. After the risk treatment plan is documented, Carter Leo receives an email notification that the residual risk is ready for approval. He then reviews the risk details and approves the risk by clicking the approval button in the risk management solution.
Workflow
- Plan Risk Treatment: Document the risk treatment plan on the risk data card.
- Notification for Approval: The risk owner receives an email notification when the residual risk is ready to be approved (when the status is set to ‘Waiting for approval’).
- Review Risk Details: The risk owner reviews all the documented details of the residual risk.
- Approve Risk: The risk owner clicks the approval button to formally approve the residual risk.
Results
- The risk is formally approved and acknowledged by the risk owner.
- The risk data card has an approval status and timestamp.
Benefits
- Ensures accountability for each risk.
- Provides formal acknowledgment and acceptance of the residual risks by responsible parties.
- Enhances the transparency and traceability of the risk management process.