Cura Report Writer Training

[Virtual Presenter] The presentation aims to introduce the audience to the concept of consumerism and creativity, highlighting their influence on our daily lives. It will analyze recent trends, innovations, and findings, and examine how they affect our consumer choices..

[Audio] Cura is a comprehensive risk management, compliance, and performance management software solution. It is a centralized repository of information that collects, stores, and organizes data related to an organization's governance. Cura provides a structured and flexible view of risk, compliance, and performance information relevant to each part of the organization. The software uses a range of concepts, including risk, control, methodology, domain, sub-domain, task, assessment, and contact. These concepts are essential to understanding how Cura works and how it can be used to support organizational goals..

[Audio] Control Assessment tab allows you to assess the control effectiveness by providing a summary of the controls implemented to mitigate the identified risks. This tab also enables you to identify any gaps in the control implementation. The Control Assessment tab is used to evaluate the perceived control effectiveness against the desired control effectiveness..

[Audio] ERM reports provide valuable insights into the organization's risk profile. These reports enable users to track and analyze risk appetite and tolerance levels over time. With these reports, stakeholders can identify trends and patterns in risk exposure and adjust their strategies accordingly..

[Audio] Cura is a range of software solutions designed to meet and overcome the challenges faced by modern organizations. It is a central repository of information that collects, stores, and organizes data related to an organization's governance. Cura presents a structured and flexible view of risk, compliance, and performance information relevant to each part of the organization..

[Audio] Cura uses the term "methodology" to refer to various concepts, including the terminology employed, such as Risk or hazard, Control or mitigation. It also defines the fields recorded against Risks and Controls for evaluation purposes and the structure and terminology utilized in a knowledge base. Nodes in computer language denote fundamental units in which lists, folders, and tree data structures are constructed or programmed. Risks represent the likelihood of something occurring that will have an impact on an organization's objectives. Sub-domains in programming and software language signify areas that belong to and literally fall beneath a larger domain. In the context of your company, your department might be established as a sub-domain in Cura. Tasks rely on one's circumstances, but they can encompass a variety of actions or instructions, such as duties, responsibilities, or specific assignments. These tasks are tracked, analyzed, and computed by Cura Solutions..

[Audio] The Home Page offers a straightforward method to navigate the system. By clicking once, you can access specific items, thereby simplifying the process of finding what you need. This intuitive interface enables you to rapidly locate the information you require..

[Audio] eThekwini Domains are the legal entities or management divisions for which there are Risk Registers. A risk register is a detailed list of all the risks for a particular legal entity or management division of eThekwini. Self-service dashboards enable users to customize their reports. Custom-built reports can be used in various assessments and are specific to eThekwini. My Cards display a list of all entities assigned to the user, including tasks, notes, and notifications. Advanced Admin features comprise advanced options like templates, accessible only to Super Users..

[Audio] To access your account, you can click on this icon. Here, you'll find options to choose a theme or log out. On the main zone page, you'll see tiles providing access to key functionalities, dashboards, and reports that you need. The view displayed is based on the permissions assigned to each user. With these tiles, you can navigate through the different areas, including domain details, assessment details, and risk information. By clicking on the desired tile, you can view more detailed information..

[Audio] The Cura Domain structure is highly flexible, allowing unlimited levels to be created. This flexibility, however, requires careful planning to ensure effective management of items and reporting on key areas. When deciding whether to create multiple sub-domains for different business units or separate assessments within a single domain, consider the potential impact on reporting. With this structure, domains can be easily reorganized if organizational restructuring occurs. Any organization, region, or department falling under the main organization is considered a sub-domain, and organizations can have as many levels or sub-domains as needed. The Domain structure is flexible, with no limitations on the number of levels that can be created. In Cura, domains, sub-domains, assessments, and assessment items can be accessed through the Domains tile under the Solution list or by clicking on the Domain icon in the shortcut bar. A Domain tile will always contain a folder for assessments, tasks, and sub-domains. A sub-domain is the next level of the structure, falling under a domain. Cura also displays the number of items in each option. Selecting the sub-domains tile shows the same structure applies. The Domain structure can be viewed in Tree View, providing a visual representation of the organization's hierarchy..

[Audio] When considering the Domain Structure, methodologies chosen for a Domain dictate which templates can be used within that Domain. This means that if the methodology in an Assessment doesn't align with the methodologies of the Domain, you won't be able to copy a template into that Domain. Having a Recycle Bin Domain can be useful, allowing users to move unwanted items instead of deleting them. As a Domain administrator, you'll have the necessary permissions to manage Domains and Sub-Domains, including adding, editing, or deleting them. Once something's deleted in Cura, it's gone forever - there's no 'Undo' or 'Backspace' option to restore it. If you delete a Domain, all its associated Sub-domains and Assessments will also be erased..

[Audio] To create risks in the Knowledgebase, first navigate to the shortcut bar and click on the Knowledgebase icon, displaying a list of all available knowledgebases. Next, click on the Business Elements tile, showing you a list of all business elements along with their respective entities. Finally, navigate to the top of the window and click on the Add button to begin creating your risk categories..

[Audio] When creating a new risk assessment, it's essential to define the category for the risks we're going to work with. We must navigate to the Knowledgebase Entity window, populate the name of the category, and provide a detailed description of the risk category in the description field. After completing these steps, we should save the changes. This allows us to add risks to the category later. By returning to the Knowledgebases window, clicking on the Risks tile, and then clicking on the Add button, we can begin adding risks to our newly created category..

[Audio] To enter a risk, first enter the name of the risk, which helps identify the risk and provides a clear understanding of what it is. Then, describe the risk in detail, including its impact and likelihood. After that, click the Save & Close button to complete the risk capturing process. By doing so, you will have successfully captured a risk and added it to your domain..

[Audio] To create a new domain, click on the Create Domain icon in the Domains window. This opens the New Domain window where you'll enter a name and description for your domain. Then, click on the Methodologies tab and select one or more methodologies to be used for this domain. After that, click the Save button to trigger the security tab..

[Audio] To assign user permissions on the domain, click on the security tab. Next, select the user/user group icon to assign permitted users access to the domain. The permissions of the user groups, including read, write, modify, will apply to this domain. After completing these steps, click on the save and close button to save the domain. The new domain will then be included into the domain structure..

[Audio] To edit a Domain or Sub-Domain, first navigate to the Domain you wish to edit from within the application. Then, click on the Domain Name to open the Domain window. In the Domain window, you can update the Name and Description fields under the General tab. Next, move to the Methodologies tab where you'll find the list of available methodologies for this Domain and its Sub-Domains. Finally, select the applicable methodologies by checking the corresponding checkboxes..

[Audio] To manage user permissions on a Domain, click on the Security tab. On this tab, you can add or remove users who are permitted to access this Domain. Specify which users should have permission on this Domain by clicking on the User/User Group icon. After making your selections, click on the Save & Close button to save your changes. Note that a Methodology must be selected at the Parent Domain level to be available as an option on a Sub-Domain. This enables the creation of Assessment templates that can be used across multiple domains. Templates can be customized with Contexts and elements to streamline your workflow. Once copied to your Domain, you can remove any unnecessary items..

[Audio] Assessments in Cura are linked to methodologies, which determine various aspects of the assessment process. These include the fields on the assessment worksheet, the fields on the assessed values, custom fields tabs of items and controls, minimum and maximum values, descriptive labels, calculated fields, and terminology. Methodologies define what is being measured and how it's being measured. Companies create their own methodologies using the Cura Builder tool and import them into their Cura database, allowing them to tailor their assessment process to their specific needs..

[Audio] Assess icons identify the status of assessments, providing information about whether an assessment is active, static, or inactive. The colours and icons help users understand the current state of the assessment. Assessment templates are pre-built assessments that can be customized to suit individual needs, containing various elements such as contexts, risks, controls, tasks, and contact people. These elements are grouped together to facilitate measurement and evaluation of potential risks and their associated controls..

[Audio] To create a new Risk Assessment, navigate to the Home Page and click on the Domains tile. Then, navigate to your Domain or Subdomain and click on the Assessments tile. Next, click on the Create Assessment icon. In the Assessments window, capture the following Assessment fields: enter the name of the new Assessment, select eThekwini ERM as the methodology, check the Active checkbox to make the Assessment active, check the Static checkbox to import risks from the Knowledgebase, and provide a description for your Assessment..

[Audio] Click on the Parameters tab. Then, click on the double arrows to select all configured Parameters within your Methodology. After that, click on the Save button to save your new Assessment. Your new Assessment will be added to the Domain..

[Audio] To copy an assessment template, navigate to the domains list and click on the assessments tile. Click on the ellipses next to the assessment you want to copy, then click on the copy assessment icon. In the copy assessment window, you can edit the name of the copied assessment and choose the destination by selecting the desired domain or subdomain. Under options, select the activate copied assessment option, and optionally reset tasks, remove contacts, clear assessed values, or remove links. Finally, click on the go to copied assessment link to access the newly copied assessment..

[Audio] When copying an Assessment, you have options to remove contacts, clear assessed values, remove links, activate the copied Assessment, or go to the copied Assessment. These options enable customization of the copying process to suit specific needs. By clicking the Copy Assessment icon, a duplicate of the original Assessment is created, which can then be used in your Business Unit..

[Audio] To import risks into your assessment, click on the Assessment Model tab. Next, click on the Import from Knowledgebase icon. In the Knowledgebase, click the arrow next to ERM Risks to expand and access Risks, Controls and Risk Categories. Check the checkboxes next to each element. After selecting the desired risks and linked elements, click the Select button. Verify that all selected risks and linked elements are successfully imported. Finally, click on the Save & Close button to save your imported risks..

[Audio] To capture a new risk, navigate to your new domain and click on the assessments tile. Next, navigate to the risks tile within the assessments window. Finally, click on the create new icon to open the assessment library, where all imported risks are displayed in the list view..

[Audio] To navigate to the Risk Categories, click on the Tree tab, which shows all your Risk Categories. Find the Category where the risk you want to assess is linked, click on the arrow next to it to expand and select a risk by clicking on its name. Link controls to the selected risk by checking the Copy Controls checkbox, then click on the Select button. Proceed to the General tab, where you'll see that the Name and Description fields are prepopulated from the Knowledgebase. Remember to save your changes by clicking on the Save button before moving on to the Risk Classification tab..

[Audio] Now, we navigate to the Risk Classification tab. There, we define the type of risk we are dealing with. We can choose between operational and strategic risk types. After making our selection, we provide some background information about the risk. This may include details such as its likelihood and potential impact. Then, we identify the relevant risk categories. These categories help us group similar risks together and prioritize our efforts accordingly. By selecting the appropriate categories, we ensure that we focus on the most critical risks first..

[Audio] To link objectives to a risk, click on the Linked items icon. This opens the Linked Items window where you can select the objective you want to link to the risk. Simply place a checkmark next to the desired objective and then click OK to confirm the link. By doing so, you ensure that the objective is closely tied to the specific risk being assessed..

[Audio] To link objectives to a risk, one needs to place a check next to the desired objective and then click the link button. This action makes the objective appear below the risk. Furthermore, it is necessary to link root causes to the risk by clicking the linked items icon and selecting the root cause to be linked. The linked root causes will also display below the risk..

[Audio] Now we are going to verify that our selected KRI is linked successfully to the risk. We click on the Linked items icon to link Consequences to risk. We place a check next to Consequence(s) to select, then click to link the selected Consequence(s). We ensure that our KRI is correctly linked to the risk..

[Audio] Now, we will confirm that our Key Risk Indicator is correctly linked to the risk. We will use the Linked Items icon to do so. First, we click on it. Next, we select the consequences by placing a checkmark next to them. Finally, we click the link button to establish the connection between the KRI and the risk. We must ensure everything is properly linked..

[Audio] Now, let's verify that our selected consequence items are correctly linked to our risk. We review the information below to ensure accuracy. Once satisfied, we can save our changes and proceed to the Risk Analysis tab. There, we select the Impact and Likelihood ratings, which gives us the Inherent Risk Exposure based on those ratings. We take a closer look..

[Audio] As the system calculates the Risk Appetite Status and Priority based on the Control/Mitigation ratings, it is crucial to focus on populating the Desired Residual Risk Rating. A range of options is available in the dropdown menu, and selecting the most suitable one is essential. Additionally, capturing the Potential Exposure helps to better comprehend the risk's impact. It is vital to check the box next to the relevant Assurance Function to ensure comprehensive coverage. Before progressing to the Mitigation tab, click the Save button..

[Audio] To create a new mitigation, click on the Mitigation tab. Then, click on the Add button. This allows you to capture the mitigation's name and description..

[Audio] Select the mitigation name and description. Click the Save button to save before navigating to the Control Assessment tab. From there, select the control type from the dropdown list and choose the perceived control effectiveness. Identify the desired control effectiveness. Then, click the Save button again before proceeding to the Contacts tab..

[Audio] To continue assigning contacts, navigate to the Contacts tab. Select the contact you want to assign by checking the box next to their name. Move the selected contact to the Assigned Contacts column by clicking the arrow. Assign a role to the contact by clicking on the role dropdown menu. Ensure the notification checkbox is enabled if you want the assigned contact to receive notifications. Finally, click the Save & Close button to save your changes and return to the risk window..

[Audio] Now, we will review the risk window. We have added a new mitigation strategy. To confirm this change, we will click the Save button. This ensures our updates are saved correctly. Next, we will navigate to the Contacts tab. Here, we can manage contacts associated with this risk. We will start by adding or editing existing contacts. In the Contacts window, select the contact you want to assign by checking the box next to their name. Then, click the arrow to move them to the Assigned Contacts column..

[Audio] To continue with the action plan, click the role under the role column to assign an applicable role to the assigned contact. Next, enable the notification checkbox for the assigned contact to be notified. Finally, click the save button before moving on to the tasks tab. From there, navigate to the tasks tab, then click the add button, followed by selecting advanced tasks assessment to add a new action plan..

[Audio] To enter the necessary details for your Action Plan, go under the General tab. Before proceeding to the Action Plan Details tab, click the Save button first. There, you must provide additional information about your plan..

[Audio] To continue assigning action owners, click on the Add/Edit button to open the Contacts window. Select the contact to assign by checking the box next to their name. Move the selected contact to the Assigned Contacts column by clicking the arrow. Assign an applicable role to the assigned contact by clicking on the Role column..

[Audio] To ensure the assigned contact is notified, check the notification checkbox. This will keep them updated on the progress of the action plan. Afterward, use the save and close button to save the changes and go back to the risk window. Confirm that the action plan is properly linked to the risk. Finally, click the save and close button once more to finish the risk assessment process..

[Audio] The Cura Risk Toolbar is a collection of shortcut icons situated above the Risk Record. Below, it displays a list of icons along with their descriptions and functions. Entities such as Risk can be assessed in various views, including Tab View, Workflow View, and List View. These icons perform specific tasks, allowing users to navigate and assess risks efficiently..

[Audio] When reviewing risk information, it's essential to remember to click the Save button to ensure any changes are recorded. With State View, you can easily view and assess risks in a clear table format. Additionally, you can import data from Excel into the system, which is particularly useful when linking controls to specific risks..

[Audio] Administrators can assign permissions to a specific entity, such as a risk, control, or task, to users who do not have permissions on the assessment, but only need permission for that particular entity. These users can then grant read and modify permissions on that entity and revoke them later if needed. This flexibility allows administrators and risk managers to assign permissions to specific entities without giving access to the entire assessment. Furthermore, contacts assigned to these entities can receive notifications about the progress of tasks related to those entities through email..

[Audio] We can establish ad hoc trend points in Cura to track changes in our data. These trend points can be viewed on any field within a workflow or solution by selecting the trend point arrow button. This visualisation helps identify patterns and anomalies in our data. We can also view these trend points as a graph by clicking on the graph function. Note that trend points are permission-based, requiring users with the appropriate permissions to create and view them. Linked entities can also be viewed in a mind map, providing a simple view of all nested linked entities. This feature allows drilling down to the last child, retaining the entire chain..

[Audio] Hierarchical View allows the user to see any entities linked to the parent entity. For instance, selecting an Audit displays all the risks and audits connected to it. This view facilitates visualization of the relationships between these entities. Furthermore, the Bowtie analysis presents a clear depiction of the risk management process, separating proactive and reactive approaches. Through this diagram, we can detect gaps, illustrate control over risks, and verify the competence and control requirements are fulfilled. This enables us to concentrate on the crucial systems of our risk management process..

[Audio] You can use this icon to copy or move a record to another assessment in a few simple steps. Provide the destination where the entity must be copied. Then, choose one of the options as required, including resetting tasks, removing contacts, clearing assessed values, and removing links. By selecting these options, you can copy or move the entity to the selected destination with the desired changes. Additionally, you can use the "Lock for all" feature to lock a record for all users, preventing any further modifications once it's locked..

[Audio] When you want to protect sensitive data within a risk item, you can choose the Encrypt For All option. This ensures that the data remains confidential even if someone has access to the record. You'll also need to specify who else should have access to the encrypted record. Keep in mind that encrypting and decrypting are permission-based features, so only authorized users will be able to perform these actions. We also have the My Cards tool, which helps you manage your personal items like notifications, tasks, and reports assigned to you. From the shortcut bar, click on My Cards to access this feature. Within My Cards, you can view all your assigned tasks and action plans by clicking on My Tasks. Here, you can filter tasks by status and view detailed information about each task. You can also update task details, change due dates, and add notes. Remember to save your changes once you've completed updating a task..

[Audio] To view all notifications, click on the My Notifications tile. Here, you'll see a list of all notifications that have been sent to you. Items with open envelopes indicate that they've been read, while those with closed envelopes remain unread. You can also filter these notifications by selecting whether you want to view only read, unread, complete, or incomplete notifications. This helps you stay on top of your responsibilities as an Entity Owner, reviewing and updating risks and controls regularly, and as an Action Owner, keeping your actions and tasks current..