11. Flows#

Flows represent processes that the Risk Flow platform can effectively help users with. The application can work with two types of flows - approval and audit. Their principles will be described in detail in this chapter.

11.1. View list of flows#

After navigating to the Flows module, the user will be presented with a list of all the flows they have rights to access. The distribution of permissions in this case is as follows:

Role

Rights

Admin

Rights to see all flows and edit all available flows.

Manager

Rights to see and edit the flows that he created and to which he has been assigned by the administrator.

Analyst

Rights to rights this section of the application.

Client

Rights to view and to comment on flows that have been created for his company.

Auditor

Read-only rights to all sections, can add comments. Participates in the processing of audit flows.
../_images/flows-overview.png

11.2. Start new flow#

You can start a flow on the Risk Flow platform by clicking on the Start new flow button and then selecting the type - approval or audit. In both cases, the same parameters are needed to start a new flow, which are described in the following table.

Parameter

Required

Description

Client

Yes

Selecting the client for whom the flow will be processed.

Flow title

No

Is used for better orientation in the system.

Responsible manager

Yes

Only users with the Risk Manager role can be selected. Only active users can be selected. If a flow is created by a user with the Risk manager role, this user is automatically assigned.

Deadline

Yes

Setting a deadline to finish flow. Cannot be set with the past or today’s date.

After a successful flow creation, users assigned to it are notified by an email. In the case of an approval flow, the assigned manager and the clients for whom the flow was created are notified. In the case of an audit flow, all active users with the Auditor role are notified about its creation. The informational email does not come to the user who triggered the action, i.e. if a manager creates the analysis, he does not receive an informational email about the assignment to the risk analysis. In this way, Risk Flow tries to minimize the amount of informational emails.

11.3. Edit flow#

Editing the flow is possible via the update form, which can be opened by an authorized user in the list flows via the three dots icon or in the risk analysis detail through the Edit button.

11.4. Copy flow#

A user with editing rights to a specific flow can create copies of it. When copying a flow, the same parameters are set as while creating a new one. In this process, all flow rows are duplicated. This feature is very useful when revising previously completed flows. You can copy a flow via the copy icon in the list of all available flows or in the details of a specific flow. The responsible persons are informed when a new flow is created. In the case of an approval flow, the assigned manager and the clients for whom the flow is being processed are notified of its creation. In the case of an audit flow, all active users with the Auditor role are notified of its creation. An informational email is not sent to the user who triggered the action, i.e. if the analysis is created by a manager, he does not receive an informational email about the assignment to the risk analysis. In this way, Risk Flow tries to minimize the amount of informational emails.

11.5. Delete flow#

Deleting a flow is possible in the list of available flows or in the details of a specific flow. To preserve the audit trail, it is possible to delete only:

  • Approval flows – which are not yet approved by the client.

  • Audit flows - which audit has not been completed.

11.6. Export flows#

Exporting flows is possible in the appropriate module by clicking on the Export button and selecting the export type.

../_images/flows-export.png

Export to MS Excel#

Exporting a list of flows to a Microsoft Excel workbook has the following values. The report language is adapted by the currently used application language.

Column name

Description

#

Record number in the export.

Client

Client’s name.

Deadline

Deadline date.

Responsible manager

A user with the role of Risk Manager who is responsible for completing the flow.

Status

  • Started - flow has been established, not yet in progress.

  • In progress - flow is processed.

  • Waiting for approval - all subparts are complete and awaiting final confirmation:

    • by client in case of approval flow,

    • by auditor in case of audit flow.

  • Not approved - returned with comments for refinement.

  • Approved - flow completed.

Type

Approval flow / Audit flow.

Completion

Flow progress expressed in %.

Created at

Date the record was created.

Creation time

Time the record was created.

Created by

Email of user who created the record.

Modified

The date when record was last modified.

Modification time

The time when record was last modified.

Modified by

Email of user who made the last changes.

Export to PDF#

Exporting the list of flows to PDF format contains an inventory similar to the listing in the application. It includes the following information. The language of the report is adapted by the currently used language of the application.

Column name

Description

#

Record number in the export

Client

Client’s name

Deadline

Deadline date

Responsible manager

A user with the role of Risk Manager who is responsible for completing the flow.

Status

  • Started - flow has been established, not yet in progress.

  • In progress - flow is processed.

  • Waiting for approval - all subparts are complete and awaiting final confirmation:

    • by client in case of approval flow,

    • by auditor in case of audit flow.

  • Not approved - returned with comments for refinement.

  • Approved - flow completed.

Type

Approval flow / Audit flow

Completion

Flow progress expressed in %.

Export to JSON#

Exporting flows to JSON format is available only to instance administrators. This type of export can only be used in the Enterprise license. The exported file can serve as a simple backup or can be used to import into third-party applications.

11.7. Approval flow#

The approval flow is the process by which completed and manager-approved risk analyses, risk management plans and other documents are presented to the client. This flow can include several risk analyses and plans that are presented to the client for approval at once. The client can view and examine these parts in detail. Each of them can be commented on and approved or sent back for revision. If all partial risk analyses, risk treatment plans and any other documents are approved, the client can close the approval flow.

Detail - manager’s point of view#

After opening the approval flow detail, the user sees the following listing. He/she can edit the parameters flow, add risk analysis, RTPs and other documents for approval and add comments.

../_images/flow-detail-manager.png

Detail - client’s point of view#

After opening the details of the approval flow, the user sees the following statement. Has permission to approve risk analyses, risk treatment plans and other documents in this flow, view their detail and add comments.

../_images/flow-detail-client.png

EPC diagram#

EPC diagram is used for process descriptions and workflow modelling. It looks like this for the approval flow.

../_images/approval-flow-epc.png

Adding parts of the approval process#

Adding parts to the approval flow is possible in the flow detail after clicking the Add button and then selecting what you want to add – Analysis, Risk treatment plan or Document.

Add risk analysis#

Parameter

Required

Description

Identification

Yes

Identification of added risk analysis. Used for better orientation.

Analysis

Yes

Selection of risk analysis to be added to the approval flow. Only completed risk analyses that have been prepared for this client and approved by the responsible manager will be displayed in this list. Each analysis can be added to the approval flow only once.

Add risk treatment plan#

Parameter

Required

Description

Identification

Yes

Identification of the added plan. It serves for better orientation.

Risk treatment plan

Yes

Select the RTP to add to the approval flow. Only completed and manager-approved plans that have been processed for this client will appear in this list. Each plan can be added to the approval flow only once.

Add document#

Parameter

Required

Description

Identification

Yes

Identification of attachments being added. It serves for better orientation.

Attachment

Yes

To select multiple attachments, hold down the CTRL key and left-click to select multiple files to insert, or select all files to upload and drag them to the file upload box. It is possible to upload files in pdf, png, jpg, doc, zip, docx, xlsx, txt and csv formats. The size of one file is limited to 10MB.

Removal of part of the approval process#

An authorized user can remove a risk analysis, risk treatment plan or document from the approval flow by clicking on the trash bin icon and then confirming in the modal window.

Approval of individual parts#

The client has the ability to review, comment and approve parts of the approval process. If the flow contains any part that is still waiting for approval, it is highlighted with a gray exclamation point in the table header.

../_images/flow-detail-approvals.png

After clicking the Approval button, the client is given the option to approve or disapprove the part. In case of disapproval, the part is returned for completion and open for editing. The client should add comments to it describing why they did not approve this part. As long as the approval flow is not closed, the client can take back his approval or disapproval.

Approval and completion of flow#

At the moment when all parts of the flow are approved by the client, the client is given the option to close the approval flow through the Approval button in the flow detail header.

../_images/flow-approval-finish.png

Completion and final approval of the approval flow must still be confirmed in the modal window.

../_images/flow-approval-modal.png

Comments#

Authorized users can add comments to all the flows. All comments can be viewed by clicking on the Comments button, which opens a page with a list of existing comments and a form to add a new one.

Adding comment#

It is possible to add a comment after filling in the appropriate field for entering the text of the comment and sending it with the Add comment button.

Internal and public comments#

Users can add internal and public comments. Internal comments are not displayed to the clients for which the flow is processed. Administrators, managers, analysts, and auditors can see all logged comments and attachments.

Comments attachments#

You can add attachments to each comment. To select multiple attachments, hold down the CTRL key and left-click to select multiple files to upload, or select all files to upload and drag them with the mouse into the file upload box.

Export flow#

The export flow details is possible by clicking on the Export button and then selecting the export type.

../_images/flow-export.png

Export to MS Excel#

The approval flow detail export to a Microsoft Excel workbook has three sheets of the following values. The report language adapts to the currently used application language.

Sheet 1 – Risk analyses

Column name

Description

#

Record number in the export.

ID

An identifier is used to improve user orientation in the system.

Deadline

Date for processing

Responsible manager

A user with the role of Risk Manager who is responsible for completing the flow.

Risk analysts

List of users with the role Risk analysts who are/ were involved in performing risk analysis.

Client approval

Awaiting approval / Approved / Not approved.

Approved by

User of the client who approved/disapproved the analysis.

Approval date

Date of approval.

Approval time

Time of approval.

Created at

Date the record was created.

Creation time

Time the record was created.

Created by

Email of user who created the record.

Modified

The date when record was last modified.

Modification time

The time when record was last modified.

Modified by

Email of user who made the last changes.

Sheet 2 – Risk treatment plans

Column name

Description

#

Record number in the export.

ID

An identifier is used to improve user orientation in the system.

Deadline

Date for processing

Responsible manager

A user with the role of Risk Manager who is responsible for completing the flow.

Risk analysts

List of users with the role Risk analysts who are/ were involved in performing risk analysis.

Client approval

Awaiting approval / Approved / Not approved.

Approved by

User of the client who approved/disapproved the analysis.

Approval date

Date of approval.

Approval time

Time of approval.

Created at

Date the record was created.

Creation time

Time the record was created.

Created by

Email of user who created the record.

Modified

The date when record was last modified.

Modification time

The time when record was last modified.

Modified by

Email of user who made the last changes.

Sheet 3 – Other documents

Column name

Description

#

Record number in the export.

ID

An identifier is used to improve user orientation in the system.

Client approval

Awaiting approval / Approved / Not approved.

Approved by

User of the client who approved/disapproved the analysis.

Approval date

Date of approval.

Approval time

Time of approval.

Created at

Date the record was created.

Creation time

Time the record was created.

Created by

Email of user who created the record.

Modified

The date when record was last modified.

Modification time

The time when record was last modified.

Modified by

Email of user who made the last changes.

Export to PDF#

Exporting the flow detail list to PDF format contains a list similar to the listing in the application. It includes the following information. The language of the report is adapted by the currently used language of the application.

Analyses in the flow

Column name

Description

ID

An identifier is used to improve user orientation in the system.

Deadline

Date for processing

Responsible manager

A user with the role of Risk Manager who is responsible for completing the flow.

Risk analysts

List of users with the role Risk analysts who are/ were involved in performing risk analysis.

Status

  • In Flow – a completed and approved risk analysis that is part of the approval process.

  • In Flow, not approved - a completed analysis that was returned by the client for revision as part of the approval process.

  • In Flow, approved - Completed risk analysis, approved by both responsible manager and relevant client.

Client approval

Awaiting approval / Approved / Not approved.

This field includes information about which user took the action and when.

Risk treatment plans

Column name

Description

ID

An identifier is used to improve user orientation in the system.

Deadline

Date for processing

Responsible manager

A user with the role of Risk Manager who is responsible for completing the flow.

Risk analysts

List of users with the role Risk analysts who are/ were involved in performing risk analysis.

Status

  • In Flow – a completed and approved risk analysis that is part of the approval process.

  • In Flow, not approved - a completed analysis that was returned by the client for revision as part of the approval process.

  • In Flow, approved - Completed risk analysis, approved by both responsible manager and relevant client.

Client approval

Awaiting approval / Approved / Not approved.

This field includes information about which user took the action and when.

Other documents

Column name

Description

ID

An identifier is used to improve user orientation in the system.

Created

Creation date and time

Client approval

Awaiting approval / Approved / Not approved. This field includes information about which user took the action and when.

Export to JSON#

Exporting flow details to JSON format is available only to instance administrators. This type of export can only be used in the Enterprise license. The exported file can serve as a simple backup, or it can be used to import into third-party applications.

11.8. Audit flow#

The audit flow is a process, by which users with the Auditor role can perform auditing activities on already completely approved risk analyses. These are analyses that have passed the approval flow. An audit flow can include multiple approval flows, where each single approval flow can contain multiple risk analyses prepared for a given client.

Detail – manager’s point of view#

After opening the audit flow detail, the manager can see the following statement. He/she can edit the parameters flow, add completed audit approval processes and add comments.

../_images/audit-flow-detail-manager.png

Detail – auditor’s perspective#

After opening the flow detail, the auditor can see the following statement. He/she has permission to close the audit of the subparts in this flow, view their detail and add comments.

../_images/audit-flow-detail-auditor.png

EPC diagram#

The EPC diagram is used for process descriptions and workflow modelling. It looks like this for the audit flow.

../_images/audit-flow-epc.png

Adding a completed approval flow#

Adding the approval flow to an audit one is possible in the flow details by clicking Add flow.

Parameter

Required

Description

Identification

No

Identification of the added approval flow. Used for better orientation.

Flows

Yes

Only completed and client-approved approval flows can be added to an audit flow. Each record can be added to the flow only once.

Removing the approval flow#

An authorized user can remove the approval flow from an audit flow by clicking the trash can and then confirm it in the modal window.

Audit of individual approval flows#

Auditor has the ability to review, comment on and close audit records in the audit flow.

../_images/audit-flows-individual-audit.png

After clicking on the Finish Audit button, a modal window is opened for the auditor to confirm the completion Audit.

../_images/audit-finish-modal.png

An approval flow whose audit has been completing is displayed in the audit flow detail as follows.

../_images/audit-flow-finish-indiv-detail.png

Completing audit flow#

When the audit of all approval flows is completed, the auditor is given the option to close the audit flow via the Finish Audit button in the flow detail header.

../_images/audit-flow-finish.png

You must still confirm the completion of the audit in the modal window.

../_images/audit-flow-finish-modal.png

Comments#

Authorized users can add comments to all the flows. All comments can be viewed by clicking on the Comments button, which opens a page with a list of existing comments and a form to add a new one.

Adding comment#

You can add a comment after filling in the appropriate field for entering the text of the comment and submitting it by clicking the Add comment button.

Internal and public comments#

Users can add internal and public comments. Internal comments are not displayed to the clients for which the flow is processed. Administrators, managers, analysts, and auditors can see all logged comments and attachments.

Attachments to comments#

It is possible to add attachments to each comment. To select multiple attachments, hold down the CTRL key and left-click to select multiple files to upload, or select all files to upload and drag them with the mouse into the file upload box.

Export flow#

Export of the flow detail is possible in the appropriate module by clicking on the Export button and selecting the type exports.

../_images/audit-flow-export.png

Export to MS Excel#

The export of the flows detail to the Microsoft Excel workbook has the following values. The report language is adapted by the currently used application language.

Column name

Description

#

Record number in the export

ID

Identification for better orientation in the system

Deadline

Date for processing

Responsible manager

A user with the role of Risk Manager who is responsible for completing the flow.

Client’s approval

Status - only approved flows can be in this flow type. If this column contained a value other than Approved, there’s a mistake somewhere.

Approval by

The user of the client who approved the analysis.

Approval date

Date of the approval

Approval time

Time of the approval

Status

Waiting for audit / Audit completed.

Audited by

Auditor, who completed the audit of this section.

Audit completed date

Date of completion of the audit part.

Audit completed time

Time of completion of the audit part.

Created at

Date the record was created.

Creation time

Time the record was created.

Created by

Email of user who created the record.

Modified

The date when record was last modified.

Modification time

The time when record was last modified.

Modified by

Email of user who made the last changes.

Export to PDF#

Exporting the flow detail to PDF format contains an inventory similar to the listing in the application. Includes the following information. The language of the report is adapted by the currently used language of the application.

Column name

Description

ID

Identification for better orientation in the system

Deadline

Date for processing

Responsible manager

A user with the role of Risk Manager who is responsible for completing the flow.

Client’s approval

Status - only approved flows can be in this flow type. If this column contained a value other than Approved, there’s a mistake somewhere.

The column contains information about the client that approved the flow and also information about when the action was taken.

Stav

Audit completion status. In the case of a completed audit, this column additionally contains information about which auditor completed the audit and when they took this action.

Export to JSON#

Exporting flow details to JSON format is available only to instance administrators. This type of export can only be used in the Enterprise license. The exported file can serve as a simple backup or can be used to import into third-party applications.