We have a large organization with multiple separate business units. Each business unit has its own ‘Risk Manager’ who has access to Eramba. We want to achieve the following:
a) Provide every Risk Manager with insight into organization-wide risks.
b) Allow every Risk Manager to register and view risks specific to their own business unit.
c) Restrict editing capabilities so that Risk Managers can only edit risks specific to their own business unit and not organization-wide risks.
We have successfully implemented points (a) and (b). However, it appears to be impossible to implement point (c). When we create a specific group for a business unit and grant that group the ability to edit risks, it also allows them to edit other visible risks (including organization-wide risks that are managed by a dedicated team).
Could you please elaborate? I’m not sure I fully understand. We’ve already assigned risk managers to different groups, allowing them to only view and edit their risks. However, we also want these risk managers to see organization-wide risks that affect them but are managed by others. We don’t want them to have the option to edit these specific risks, but it would be fine if they could create a report on them.
Risk manager1 member of Rgroup1
Risk manger2 member of Rgroup2
Risk1.x (risks connected to Risk manager 1) for all risk you set “Risk Originator Contact”: Rgroup1
Risk2.x (risks connected to Risk manager 1) for all risk you set “Risk Originator Contact” is Rgroup2
Now B and C is done, but they don’t see the whole picture, so we have to deal with A You can create a report which contains all risks and send it every week/month (as you want) to Rgroup1 and Rgroup2. I think in this way A is done (if I have not misunderstood you)
Sorry I haven’t used “Risk1.x” to explain at the end, so just ignore them
I am not sure this is what we are looking for, but you did give me an idea. The reports generated by Eramba unfortunately don’t fully meet our needs and creating a weekly report manually would be too labor-intensive. We might experiment in a next phase with the APIs to export data to a different dashboard, giving us more control over the presentation.
whatever they “see” they will be able to edit or not (depending on your choice), therefore the way around is to make sure they only see the items they own.