Syncing Risk Manager with Frameworks

The Risk Manager app is integrated with the Frameworks app. The risks and controls in the Risk Manager app get synced with the Frameworks app in real time. You now have a central repository for your organization's risks and controls, which you can work with in Risk Manager, Projects, or both.

The Risk Manager - Frameworks sync feature requires a subscription to one of the following solutions: IT Risk Management (previously ITRMBond) or Third Party Risk Management (previously ThirdPartyBond) or Risk Management.

How it works

Each time you add or edit a risk or control in the Risk Manager app, these changes get replicated in the Frameworks app automatically, you don't have to do anything manually to trigger the sync. Once the items are synced with the Frameworks app, you can import these into your project or framework and work with them.

Components required for the sync

The following components are required for the synchronization from the Risk Manager app to the Frameworks app:

  • A new fixed framework called the Risk Manager in the Frameworks app.
  • A new fixed objective called the Risk Manager under the Risk Manager framework to store the risks and controls synced from the Risk Manager app.
    Note

    Depending on your organization's configuration, objectives may also be called sections, processes, cycles, functional areas, application systems, risk categories, or another custom term.

  • A new project type called the Risk Manager with Internal Control workflow. This is not visible in the user interface.

We will create the fixed components and set everything up for you once you have the required subscription, just let your Diligent representative know.

Items that get synced

  • Risks and controls The risks and controls in the Risk Manager app get synced with the Risk Manager framework in the Frameworks app.

    For example, you create a risk in the Risk Manager app, and within a few seconds, this risk is created in the Risk Manager framework in the Frameworks app. Similarly, the controls in the Risk Manager app also get synced with the Risk Manager framework in the Frameworks app.

    Note

    A test plan is not available in Risk Manager. Therefore, for each control that gets synced from the Risk Manager, a corresponding test plan is created in the Frameworks app automatically.

  • Risk and control relationships In the Risk Manager app, if you link your risk to a control and your control to a risk, these associations will also get synced with the Risk Manager framework in the Frameworks app.

    Note that the synchronization applies specifically to risk-control associations. Other associations such as risk-to-risk, control-to-control, risk-to-asset, and control-to-asset are not synchronized.

Items that do not get synced

The following relationships of risks and controls in the Risk Manager app do not get synced:

  • A risk linked to another risk.
  • A control linked to another control.
  • An asset linked to a risk.
  • An asset linked to a control.

Can I edit the synced the risks and controls in the Frameworks app?

You cannot edit or delete the synced risks and controls in the Risk Manager framework. If you want to make any change, you have to do it in the Risk Manager app and these changes will reflect in the Risk Manager framework in the Frameworks app.

Also, you cannot edit or delete the fixed components such as the Risk Manager framework or the Risk Manager objective.

Tip

Use the Risk Manager button in the Risk Manager framework to navigate to the Risk Manager app to make any changes.

Note

You can edit a test plan in the Risk Manager framework.

Benefits of the Risk Manager sync with the Frameworks

The following are the benefits of syncing the Risk Manager with the Frameworks:

  • Risk Manager can be the central repository for all risks and controls in your organization.
  • You can import the synced risks and controls to any project or framework, irrespective of the project type.
  • After importing, you can use those risks and controls in the Projects app and execute various workflows associated with them.

Things that are different in the Risk Manager framework

The Risk Manager framework is unlike other frameworks. The main purpose of the Risk Manager framework is to store the risks and controls that are synced from the Risk Manager app. You cannot work in the Risk Manager framework the same way as any other framework.

The following section lists the limitations of the Risk Manager framework when compared to any other framework. These differences are listed according to the pages.

Landing page of the Risk Manager framework

  • No Planning / Reference tab: You cannot add any reference information or files.

Settings page of the Risk Manager framework:

  • Name and description fields are read-only, you cannot edit them.
  • No Project Type field: You cannot change the project type. A new project type called the Risk Manager with Internal Control workflow is selected by default. This is not visible in the user interface.
  • Assurance field is always enabled and grayed out. You cannot disable this.
  • No Save or Delete Framework buttons: You cannot edit or delete the fixed Risk Managerframework.
  • No Bulk Import tab: You cannot bulk import any items into the Risk Managerframework.

Objectives tab in the Risk Manager framework:

  • Has a new fixed objective called the RiskMgr objective.
  • No Add Objectives or Import Objectives buttons: You cannot add or import any objectives into the Risk Managerframework.
  • No Narratives option in the Go To dropdown list: You cannot add a narrative.

Overview tab in the Risk Manager Objective:

  • The details in the Overview tab are read-only, you cannot edit them.
  • No Narratives tab: You cannot add a narrative.
  • No Entity Coverage link: You cannot link entities.
  • No Delete Objective button: You cannot delete the fixed Risk Manager objective.

Risk Control Matrix in the Risk Manager framework

  • No Add or Import buttons: You cannot add or import risks and controls.
  • No Associate buttons: You cannot associate the risks or controls.
  • No PDF or Excel export options: You cannot export the risks and controls.

Risk details page in the Risk Manager framework

  • The data in the Risk details page is read-only, you cannot edit it.
  • No Entity Coverage link: You cannot link entities.
  • No Save or Delete Risk buttons: You cannot edit or delete risks.

Control details page in the Risk Manager framework

  • The data in the Control details page is read-only, you cannot edit it.
  • No Entity Coverage link: You cannot link entities.
  • No Save or Delete Control buttons: You cannot edit or delete controls.

What's next?

Once you have the risks and controls from the Risk Manager app synced with the Risk Manager framework, you can import these items into your desired projects or frameworks. To learn more about importing, see Importing risks / Importing procedures or controls.