Purpose: To provide real-time information on risks that are selected according to user specifications.
To Access: Risk Management - Library - Organisation Unit.
This function is used to create and maintain the organisation's risk management structure. The risk management structure consists of hierarchically related organisation units.
An organisation unit can be a physical object (eg. a building or machine), a functional unit (eg. marketing department), an activity (eg. payment processing) or a task/milestone of a project. Before you set up the risk management structure, consider carefully how the structure will support your risk management and reporting functions. Although GuardianERM.Net provides various tools for changing the risk management structure, once the structure is set up and the system is put into production, the structure should not be changed unless the change reflects a change in the organisation (eg. addition of a new branch office). The reason is that all 'transactions' in the system (eg. audits, audit schedules, compliance items, attached documents or incidents) are recorded against the risk management structure. Changing the structure (eg. moving an organisation unit from one parent unit to another) may cause confusion and loss of continuity in the information collected over time. Take extreme care, as the effect of changes made to the structure is generally not reversible.
A risk management structure may look like:
Select an organisation unit from the hierarchical structure and its details are shown for editing:
Data Fields:

| Field | Description |
| --- | --- |
| Organisation Unit | The name of the selected organisation unit. |
| Owner | The person who is responsible for the organisation unit. |
| Risk Manager | The person in charge of the organisation unit's risk management activities. |
| | The email addresses of the Owner and the Risk Manager. This is used by the system to send notification and reminder emails. |
| Business Objective | The business objective of the organisation unit. |
| Process Type | Select the type of process from the dropdown list. |
| IT Systems | The main IT systems used by the organisation unit. |
| Significance | Select a significance level from the dropdown list. |
| Last Reviewed | The date the risks and controls for this organisation were reviewed and the user who reviewed them. These fields cannot be changed. |
| Address, State, Country, Post Code | The address of the organisation unit. |
| Phone | The phone number to contact the organisation unit. |
| Fax | The organisation unit's fax number. |

To activate or deactivate an organisation unit, check or uncheck the Active/InActive checkbox. An organisation unit is active when the Active/InActive checkbox is checked.
Note: When an organisation unit is deactivated, the organisation unit, all its child organisation units and all their attached risks, controls and audit procedures will not be shown in any part of the GuardianERM.Net system. However, none of the information is deleted. To retrieve the organisation unit and everything attached to it, simply activate the organisation unit again. When you deactivate an organisation unit, all its child units are deactivated as well. However, when you activate an organisation unit, none of its child units are activated. You need to manually activate the child units where appropriate.
To create a new company, click the New Company button and fill in the details for the company and then click the Save Data button.
Note: When a new company is created, its workflow settings are created automatically and are the same as those of the first company that was created. You should check (or request the system administrator to check) the workflow settings for the new company to make sure they are correct.
To create an organisation unit, select an organisation unit from the structure under which you want to create the new organisation unit and then click the New Organisation Unit button. Fill in the details for the organisation unit and click the Save Data button.
Important Note: When a user creates a new organisation unit, the user is the only one who has access to that organisation unit. You should determine who needs to have access to the newly created organisation unit and request the system administrator to grant the respective users the appropriate access to the organisation unit.
To copy an organisation unit, select the organisation unit and click the Copy Org Unit button. Then select the destination organisation unit you want to copy the organisation unit to and click the Paste Org Unit button.
To move an organisation unit, click the Move Org button instead of the Copy Org button.
When an organisation unit is copied or moved, the selected organisation unit, all its child organisation units, and the risks, controls and audit procedures within the organisation unit and its child units are copied or moved as well. Make sure you check the risk and control evaluations afterwards, as they may not apply to the new organisation unit.