Create an Object Based Assessment

The following are the basic steps that must be performed to create an object based assessment. For our use case example, we are going to demonstrate how to create a page based risk assessment for ABC Co.

Create and Setup the Assessment

When creating an object based assessment, you must choose the object you wish to use in the Assessment Type field and then choose the associated roles. For our use case:

Access the Assessment Hierarchy.
1. Select the Default GRC context from the context menu.
2. Click the Workflow Management tab.
3. Select Assessments from the Assessment Management group.
Right-click the assessment folder where in you wish to house your assessment and select Add New Assessment. The assessment you create will automatically be housed in the Ad-hoc Assessments folder under that particular assessment folder.
Alternatively, expand the specific assessment folder, right-click the Ad-hoc Assessments folder and select Add New Assessment.to create you assessments.
Note: You can create an assessment from an assessment template as well. See Create Assessments from an Assessment Template for more information.

Choose an object (i.e. Risk, Control, Organization, RCM) as the Assessment Type.
Choose an Iteration Type (page, matrix or dual object matrix).
Click Save to return to the Assessment List or Save and Add Questions to take you directly to the Questions tab.

Note: See Add an Assessment for more information.

In our Use Case:

Risk has been chosen as the Assessment Type, and the Iteration Type is Page Based.
In in the Assessment tab, the Update Objects in the Governance Portal checkbox has been selected, insuring that the response information will update the data for the selected object in the Portal.

Pages

Pages house and organize the questions and visual elements that define the content of your assessment. By default, a single page will be pre-created for you when you create the assessment.

Manage Pages - Object Based Assessment (optional)

Create Evaluation Questions Based on the Object

The next step is to create the questions based on the iteration type and the object you selected as the assessment type. Below we demonstrate how to create a question for a paged based assessment.

Note: The procedure is different if you are creating a Matrix Based or Dual Object Matrix Based Assessment.

Add a Question:

From the Questions tab, mark the checkbox next to the page you wish to update and click Insert question or visual element.
Choose Single Evaluation as the question type, and select the field that you want the assessor to evaluate.

Note: See Manage Questions in an Object Based Assessment for more information on adding and configuring questions and visual elements.

Use Case:

For the risk assessment, we are going to have the risk assessor evaluate the Inherent Risk Likelihood for the selected risks.
Note that the Inherent Risk Likelihood field is a category field, and the responses listed are the categories found in that field. The assessor's responses to the question will eventually update the Inherent Risk Likelihood field for the selected risks in the Governance Portal after the the last level of review.

Note: See Add a Question - Object Based Assessment for details on field types and other information on adding questions

Add Assessor Groups and Scope Assessors to RCM Objects

A basic assessment contains a single assessment group and no review groups.

Note: You can create multiple assessor groups and levels of review for your assessment. See the advanced scoping section below or the Scope Tab - Object Based Assessment topic for more information creating assessor and reviewer groups.

Click the Scope tab in the assessment setup screen.
Add Assessors: There is an initial assessor group created by default. Fill out the name, assessor, action plan reviewer roles and their corresponding discover assignments and click Insert.
Note: You are required to select an Action Plan Reviewer role. What role you select will not affect your assessment if you are not using action plans. See Assessor Groups for more information on how to create and manage your assessor groups.
Scope Objects: Click the Assessor tab, select the objects you wish to scope into the assessment from the left-hand window and click Add. The objects will be added to the assignment grid on the right side of the screen, with the assigned users below that object.
Remove individual assessors from the scope by highlighting them in the assignment grid and click Remove From Scope.

Assessment Scope - Object Based

Scoping with Advanced Levels of Review (optional)

The use case below demonstrates an example of scoping with multiple assessor groups and levels of review for the ABC Co. Risk Assessment:

We have created 2 assessor groups: Assessors - Latin America and Assessors - North America.
Risk Evaluator has been assigned as the Assessor Role and is discovered at the Object level..
Action Plan Reviewer has been assigned as the Action Plan Reviewer Role and is discovered at the Enterprise, Entity, and Object level.
Note: See Assessor Groups for more information on how to create and manage your assessor groups.
Assessment Scope Example: Objects are scoped in the tabs for the assessor groups. In the Assessors - North America group tab, the risks have been scoped into the assessment, with 3 assessors assigned to each risk at the object level, meaning that each individual is in the Risk Evaluator role and that role is assigned on the Risk form.
Multiple Users are in the Action Plan Reviewer Role, which has been assigned at the Entity level (i.e. the Purchase Materials and Supplies process).
Note: See Scope Objects to Assessor Groups for more information.
Review Levels: The number and complexity of the review structure is completely customizable. At the first level of review we have created 2 review groups: Reviewers - North America and Reviewers - Latin America. Note that the assessor groups have been selected under their associated review groups.
The Assessment Reviewer role has been chosen for this assessment at the Entity level.
Note there is an additional reviewer level call Final Signoff.
Note: See Reviewer Groups for more information.
Reviewer Assignments: Reviewers are assigned in the tabs for the review groups. In the Reviewers - North America review group, David Davis and Eric Edwards are assigned as the reviewers because they are in the Assessment Reviewer role, which was assigned as the Review Group when the review levels were created (see above).
Users can select the checkbox next to the assignments they wish to change and click Update to remove reviewers from the Multiple User list.
Note: See Assign Reviewers to the Assessment for more information.

Create and Populate Invitation Lists (optional)

Once the groups have been created, objects scoped and roles assigned, the next step is to schedule distribution of the assessments through invitation groups in the Invitations tab. The invitations for assessors will be created automatically and the Persons to Invite list in the invitations tab will be updated based on the assessors scoped in. See Invitations tab for more information.

This tab defines who will be taking the assessment. Based on the users scoped in, the Person to Invite list automatically gets populated with list of assessors.

AM 4.0 - Invitation Group - Persons to Invite

For an object-based assessment, assessors are determined through the Assessor role selected in the Scope tab of the setup screen of the assessment. The Persons to Invite tab will provide a read-only display of the assessors.

Note: For more information, see Create an Object-Based/Evaluation Assessment.

Invitation Group Options

Sending of invitations to people previously invited: Allows you to send multiple invitation emails to a single person. Select from one of the three options:
- Do not send to people invited previously: No emails will be sent to a previously invited assessor.
- Send only to invitees who have not responded and to new invitees: Invitations will only be sent to uninvited assessors and previously invited assessors who have not yet responded to the assessment. Note that assessors who have started but not completed the assessment will not be invited.
- Send invitations even if respondents were invited previously: Multiple invitations to the same respondents will be sent, regardless of whether they have responded to the assessment or not.
Invitation responded when: Select one of the radio buttons determine when the assessor has sufficiently responded to the invitation.
- Invitation link is clicked in email
- A question is answered
- Assessment
Once the assessor completes an assessment, the Reviewer will be notified by an email based on the email template of the ‘Reviewer’ group. The Persons to Invite list of the Reviewer group gets updated.
When the reviewer reopens the assessment, the assessors will be notified by an email based on the email template of the ‘Reopen’ group. The Persons to invite list of Reopen group gets updated.
Once the reopened assessment is re-submitted by any of the assessors, the next level reviewer will be notified by an email based on email template of the ‘Resubmit’ group. The Persons to invite list of Resubmit group gets updated.
Note: The clients upgrading to v4.2 will have the same Persons to Invite list as it was available in the invitation group prior to upgrade. The Reviewer, Reopen, Resubmitted invitation groups will not contain any values in the ‘Person to Invite’ list by default.

Note: This is an optional step. Email invitations are not required. Assessors can access their Assessments from the My Assessments page or from the Favorites and Action Items menu.

Deploy the Assessment

Set the status of your assessment to Open from the assessment hierarchy or Deployment tab. Invitation emails will be sent to the assessors, who can also access the assessment from within the Governance Portal.

Note: See Complete the Assessment for more information on how assessors access and complete assessments.