The Supplier Risk Register consolidates all risks associated with a Supplier, collated from different sources. The set of sources feeding the Risk Register will grow over time. However, the following sources will be active:
- Supplier Compliance Survey
- In-person Audit
- Whistleblower complaints
- GDACS Alerts consolidation
- Twitter consolidation
- Creditreform
The following attributes of risks will also be identified:
- Type of Risk
- Source of Risk
- Impact
- Identified On
- Action
- Responsible Person
Menu Path: Supply Chain Compliance >> Risk register
Available Actions:
- Respond to Risk: You can start providing comments and attachments to the risk.
- Close Risk: Once the risk has been properly addressed, the Risk Manager can close the risk. This closure goes through an approval process.
- Risk Closure Approval Workflow: Displays the approval workflow of the risk closure process.
- Change Risk Manager: You can assign the selected Risk to a New Risk Manager.
- View Details: View the Risk details.
- Assign Risk Manager: Choose a risk manager from the list of users. Here the “Assign to me” option is also enabled.
- Edit: Edit a risk that has already been created, whether ad-hoc or auto-created due to non-compliance.
- Risk Approval Workflow: Displays the approval workflow of the risk in detail.
- Change Risk Resolution: The Risk Manager will be able to make changes to the Resolution Description even after the Risk is approved and published and before it is closed.
- The Source of the Risk can be viewed under the Created By column if the Source is a MeRLIN business process.
Given below is the typical life cycle of a risk, along with the transitions based on actions.
- Any business process within Compliance can create a Risk automatically and make an entry in MeRLIN’s Risk Register. For example, when non-compliance is identified during Compliance audits or In-person audits.
- A draft Risk identified by any business process is reviewed by a Risk Manager, who either:
  - Accepts it as a valid risk. Accepted risks are available for further processing.
  - Rejects it with a reason. Rejected risks are archived and not available for further processing.
- After the final internal approval of the risk, the Risk Manager publishes the risk to the associated Response Owners, and it reaches the designated Risk Representative of the Supplier or the Response Owner in the buying organization.
- The Risk Representative of the Supplier or the Response Owner reviews the Risk and responds with an explanation along with preventive/corrective actions.
- The Risk Manager analyses the Supplier response and either:
  - Accepts the response. Risks with accepted responses can be closed by the Risk Manager.
  - Rejects it with a reason. Rejected responses are sent back to the Supplier or Response Owner for revised responses.