Create or Edit a treatment

Treatments are processes, policies, or actions that users take to reduce the likelihood of a risk occurring or to mitigate the consequences if it does occur. In some cases, a control or treatment can be a step in a process. They can also be a statement of an action or a policy. Nominated users can sign-off treatments on a set frequency confirming that they are operational and effective.

You can add the following two types of treatments:

  • Treatment:Statement: A Treatment:Statement is added as a statement to the identified risk. A statement is usually a check that is carried out by nominated users on a pre-determined frequency to ensure the risk is mitigated. A Treatment:Statement is not linked to a process. For more information, see Treatment: Statement
  • Treatment:Process: A treatment that is linked to a process. The risk is mitigated by completing the step in the linked process. For more information, see Treatment: Process.

Add a treatment

  1. Go to Risks > Register and locate the risk for which you want to add a treatment.
  2. Click Add Treatment. Select one of the following options and complete the required fields:

    1. Type a statement that describes the treatment to manage the identified risk. For example, ‘Corporate Counsel reviews Public Liability insurance needs annually and renews the insurance.’ This field has a limit of 3000 characters.

    2. In the Signoff section:

      • For Stakeholders, do one of the following and select the required details to determine who is responsible for sign-off to confirm that the risk is being managed:

        • select specific persons in the Add by name field.

        • select specific roles from the Or add by Role/Responsibility drop-down list.

      • In the Regime field, select one of the following options:
        • First only required to signoff : Doesn't require multiple people to sign-off the treatment, instead only the first user must sign-off.
        • All required to signoff: all assigned users must sign-off. If one user declines, it will be marked as 'Non Compliant'. It will remain in this state until the issue is addressed and all assigned users sign-off.

      • Select the Signoff requires attachment check box if evidence that the treatment is operational must be attached as part of the sign-off.

      • (Optional) Type Comment Placeholder text for the sign-off comment field to provide any helpful details about what users should write in the comments for treatment sign-offs.

    1. In the Frequency section:

      • select the First SignOff date: the date you want the sign-offs to start.
      • select one of the following options from the Repeat drop-down list, to determine how frequently you want sign off to occur – generally higher the risk score, the treatment must be reviewed and signed-off more frequently:
        • Never

        • Daily: Enter the number of days between sign-offs in the Every field. For example, 3 days.

        • Weekdays(Mon-Fri): require sign-off every week day.
        • Weekly: Enter the number of weeks between sign-offs in the Every field and then select the required option for the Repeats on check box.
        • Monthly: Enter the number of months between sign-offs in the Day field and select /specify the required options for the Repeats on field.

    2. Click save.

    3. Type a Change Description and click OK.
  • Note: You can only connect a Risk Treatment to the published version of your process.
    1. Click Link to a Process.
    2. Select the process and then click Select.
    3. Type a statement that describes the treatment to manage the identified risk. For example, ‘Corporate Counsel reviews Public Liability insurance needs annually and renews the insurance.’ This field has a limit of 3000 characters.

      • In the Signoff section:

        • For Accountability, select one of the following options and determine who is responsible for sign-off to confirm that the process step (which is the treatment) is operational and effective:

          • Process Owner/Expert: The owner and/or expert of the related process is responsible for the sign off.

          • Activity Role: Person or persons responsible for carrying out the process step also responsible for the sign off.

          • Nominated: Assign a specific person, persons or role responsible for the sign-off. First only means that only one stakeholder is required to sign off (click the button).

      • In the Regime field, select one of the following options:
        • First only required to signoff : only the first user must sign-off.
        • All required to signoff: all assigned users must sign-off. If one user declines, it will be rejected.

      • Select the Signoff requires attachment check box if evidence that the treatment is operational must be attached as part of the sign-off.

      • (Optional) Type Comment Placeholder text for the sign-off comment field to provide any helpful details about what users should write in the comments for treatment sign-offs.

    4. In the Frequency section:

      • select the First SignOff date: the date you want the sign-offs to start.
      • select one of the following options from the Repeat drop-down list, to determine how frequently you want sign off to occur – generally higher the risk score, the treatment must be reviewed and signed-off more frequently:
        • Never

        • Daily: Enter the number of days between sign-offs in the Every field. For example, 3 days.

        • Weekdays(Mon-Fri): require sign-off every week day.
        • Weekly: Enter the number of weeks between sign-offs in the Every field and then select the required option for the Repeats on check box.
        • Monthly: Enter the number of months between sign-offs in the Day field and select /specify the required options for the Repeats on field.

    5. Click save.

    6. Type a Change Description and click OK.

Edit a treatment

  1. Go to Risks > Register. Treatments associated with risks can be viewed and edited in the Register. You must have edit rights to the assigned portfolio to edit a risk.
  2. Hover over the treatment you want to edit and click edit.
  3. Make the required changes and click save
  4. Type a Change Description and click OK.

Delete a treatment

  1. Go to Risks > Register.
  2. Hover over the treatment you want to delete and click edit.
  3. Click delete.
  4. Click Yes to confirm.

Treatment sign-offs are retained and will display for inactive risk items.

Change a treatment type

Treatments can be converted from Treatment:Statement to Treatment:Process or vice versa. To change the treatment type, you must have edit rights to the assigned portfolio.

  1. Go to Risks > Register.
  2. Hover over the treatment you want to change and click edit.
  3. Do one of the following:
    • To change Treatment:Statement to Treatment:Process, select the Treatment:Process option and follow the steps described in Treatment: Process.
    • To change Treatment:Process to Treatment:Statement, select the Treatment:Statement option and follow the steps described in Treatment: Statement.

Link a treatment to multiple risks

If you have a treatment for an existing risk that can also be used as a treatment for a new risk, you can link the existing treatment to the new risk.

  1. Go to Risks > Register.
  2. Click Link Treatment for a risk you want to link to an existing treatment .
  3. In the Link Treatment dialog box:
    1. Search by summary or reference or Browse from portfolio/classification and select the treatment.

    2. Type a description of why the treatment is being linked.

    3. Click Link Treatment.