Risk and Compliance Governance

Each role below is listed with its responsibilities and the KPIs used to measure it.

Enterprise Risk Manager
Owns the organization’s Risk and Compliance framework. This is a leadership role rather than an active role.

Responsibilities:
  • Ensures a Risk Management Framework is in place and operating effectively
  • Chairs the Risk and Compliance forums
  • Empowers Risk Portfolio Managers

KPIs:
  • Attends all Risk and Compliance forums

Risk Coordinator
Coordinates the organization’s Risk and Compliance activities (also fulfills the Risk Portfolio Manager responsibilities).

Responsibilities:
  • Manages the organization’s Risk Management Framework and how it is supported by the Promapp Risk and Compliance Module
  • Liaises with and provides guidance to Risk Portfolio Managers
  • Develops and delivers Risk and Compliance training courses, both as part of Induction and for Business as Usual training
  • Schedules, attends, and minutes Risk and Compliance forums, and coordinates other Risk Managers’ attendance
  • Recognized as the first point of contact for any queries Risk Portfolio Managers have

KPIs:
  • All staff are trained on how to view Nintex Process Manager Risk and Compliance items (if appropriate)
  • All Risk Portfolio Managers are trained on how to:
    • Create and edit Risk and Compliance items and treatments
    • Approve (or decline) changes to treatments
    • Monitor periodic sign-off of Risk and Compliance items and, where required, sign off via the My Risks dashboard
  • Regular Risk and Compliance forums have been held, were attended, and were minuted

Risk Portfolio Manager
Manages their respective Risk Portfolio and ensures the Risk and Compliance registers are complete, accurate, and current, and that appropriate treatments are identified, operational, and effective.

Note: Risk Portfolio Editors assist Risk Portfolio Managers to edit or change Risk and Compliance details within their specific Risk Manager’s Portfolio.

Responsibilities:
  • Maintains the Risk and Compliance Register within their Risk Portfolio to ensure all risks are identified, accurately described, and accurately scored
  • Assigns Risk Owners to Risk and Compliance items within their Risk Portfolio, as required
  • Ensures all Risk and Compliance items within their Risk Portfolio have treatments that manage the risk effectively
  • Addresses any treatments that are overdue or have been marked as non-compliant (if no Risk Owner exists)
  • Conducts an impact assessment for any treatment changes and approves or declines the change (if no Risk Owner exists)
  • Attends all Risk and Compliance Forums

KPIs:
  • Risk Register is reviewed and updated at least quarterly
  • Risk and Compliance treatments are reviewed and updated at least quarterly
  • Overdue or non-compliant sign-offs for their Risk Portfolio are addressed (if no Risk Owner exists)
  • Treatment changes are approved or declined within 10 working days of a request (if no Risk Owner exists)
  • Attends all Risk and Compliance Forums

Risk Owner
Owns and manages risks that have been assigned to them by the Risk Portfolio Manager.

Responsibilities:
  • Assists Risk Portfolio Managers to identify treatments in relation to the Risk and Compliance items they own
  • Completes periodic sign-off to confirm existing treatments are operational and effective
  • Conducts an impact assessment for any treatment changes and approves or declines the change
  • Addresses any treatments that are overdue or have been marked as non-compliant
  • Assists Risk Portfolio Managers to ensure all relevant Risk items are identified

KPIs:
  • Risk and Compliance treatments for the Risk and Compliance items they own are reviewed and updated at least quarterly
  • Overdue or non-compliant sign-offs for their Risk items are addressed
  • Treatment changes are approved or declined within 10 working days of a request
  • Attends all Risk and Compliance Forums (optional)

Treatment Sign-off Stakeholder
Responsible for actioning the treatment assigned to them, which has been determined to mitigate an identified risk and requires a sign-off to confirm that the treatment is being carried out.

Responsibilities:
  • Periodically signs off to confirm that Risk and Compliance treatments are in place and are operational and effective (the sign-off timeframe depends on the risk)
  • Identifies new Risk and Compliance items and treatments (as with all staff)

KPIs:
  • No treatment sign-offs become overdue
  • At least one new Risk and Compliance item or treatment is identified in a period (optional)

Users
All Nintex Process Manager users (these users can also be Risk Portfolio Viewers for selected Risk Portfolios).

Responsibilities:
  • Follow documented process steps or tasks when carrying out work to ensure Risk and Compliance items are managed
  • Provide feedback on Risk and Compliance items or treatments as things change

KPIs:
  • All work is carried out in accordance with documented process information
  • At least one new Risk and Compliance item or treatment is identified in a period (optional)