To record risk assessments that have been undertaken for a third party firm you have outsourced to, you would:
Click WORKBENCH and then click DATASETS.
Then click SM&CR.
Then choose Senior Managers Regime.
Then click on Outsourcing.Then select Outsourcer due diligence.
A list of all third party providers for which you have recorded due diligence checks will appear.
If a due diligence record has not yet been created, you would need to create a new one - see here for more details. Create this record, and then follow steps 7 onwards below.
To add a risk assessment to an existing record - click on the supplier you'd like to amend.
In the pop-up window that appears, select EDIT.
Scroll down to Suitability analysis and risk assessment.
In this section there is a field for Outsourcer risk assesment with a button.
If you have already created risk assesment and want to view or edit it, the button will say View Table - see step 12 below.
If you are creating a new risk assessment the button will say Link table - see steps 13 and onwards below.
In either event, click this button for a new pop window.
If there is already an assessment present, you can view the details now, if you want to edit this information, click EDIT in the bottom-right corner of the pop up and follow on from step 16 below.
If this is the first risk assesment you have performed a different pop up window will appear, asking if you want to create a new table or link to an existing one.
Select the New option and the click confirm.
You'll then be presented with an empty table dataset to record your risk assessment.
At the header of this table, you can:
Use the Dataset Description field to give this record a useful descriptive name.
Use the dropdown menu next to Outsourcer risk assessment to select the third party company for which you are conducting the assessment. If the company is not in the list, you will need to create it in Corterum first and then come back to complete this form afterwards -see here for more details.
In the body of this table, you can record multiple risks, their assessment and the assessment outcomes. Each risk is a 'row' in this data set, and for each risk you'll need to:
Use the date picker field under Date to select the date the assessment was performed.
Use the dropdown box under Risk to choose the risk under assesment.
If you selected 'Other' from the dropdown box, you can use the Risk (if Other) free text box to give details of the risk being assessed.
Assign the risk a RAG status in the Risk status dropdown box.
Indicate whether remediation is needed using the dropdown box under Remediation required?.
Use the date picker under Remediation deadline to choose a date by which any remediation is complete (if required).
Use the dropdown box under Account Executive to choose the person in your firm responsible for this relationship.
Use the free text box under Service Provider contact to give the contact name of your contact in the 3rd party firm.
You can use the Comments free text box to add any context or commentary to this assessment record,
Finally, you can use the documents button to upload any supporting documentation (if required).
If you need to create more risk entries in the assessment, click ADD ROW. Otherwise, click SAVE and then CLOSE.