RSA Archer Strategic Risk Management - Implementation Guide


RSA ARCHER

Strategic Risk Management


6.5 P2 and Later
Contact Information
Go to the RSA corporate web site for regional Customer Support telephone and fax
numbers: https://community.rsa.com/community/rsa-customer-support.

Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and Dell are either registered trademarks or trademarks of Dell
Corporation ("Dell") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.

License agreement
This software and the associated documentation are proprietary and confidential to Dell, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below.
This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other
person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by Dell.

Third-party licenses
This product may include software developed by parties other than RSA. The text of the license agreements applicable to third-
party software in this product may be viewed on RSA.com. By using this product, a user of this product agrees to be fully
bound by terms of the license agreements.

Note on encryption technologies


This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
For secure sites, Dell recommends that the software be installed onto encrypted storage for secure operations.
For customers in high security zones, Dell recommends that a full application sanitization and reinstallation from backup occur
when sensitive or classified information is spilled.

Note on Section 508 Compliance


The RSA Archer® Suite is built on web technologies which can be used with assistive technologies, such as screen readers,
magnifiers, and contrast tools. While these tools are not yet fully supported, RSA is committed to improving the experience of
users of these technologies as part of our ongoing product road map for RSA Archer.
The RSA Archer Mobile App can be used with assistive technologies built into iOS. While there remain some gaps in support,
RSA is committed to improving the experience of users of these technologies as part of our ongoing product road map for the
RSA Archer Mobile App.

Distribution
Use, copying, and distribution of any Dell software described in this publication requires an applicable software license.
Dell believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice. Use of the software described herein does not ensure compliance with any laws, rules, or regulations, including
privacy laws that apply to RSA’s customer’s businesses. Use of this software should not be a substitute for consultation with
professional advisors, including legal advisors. No contractual obligations are formed by publication of these documents.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." DELL INC. MAKES NO REPRESENTATIONS
OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND
SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE.
Copyright 2010-2019 Dell, Inc. or its subsidiaries. All Rights Reserved. May 2019
Table of Contents
Chapter 1: Overview of RSA Archer Strategic Risk Management
  About RSA Archer Strategic Risk Management
  Key Features and Benefits
  Key Terminology
  Prerequisites (ODA and system requirements)
  Compatible Use Cases and Applications
    Related Applications
Chapter 2: RSA Archer Strategic Risk Management Components
  Architecture Diagram
  Swim Lane Diagram
  Applications
  Personas and Access Roles
  Permissions Chart
Chapter 3: Installing RSA Archer Strategic Risk Management
  Task 1: Prepare for the Installation
  Task 2: Install the Package
  Task 3: Test the Installation
  Installing the RSA Archer Strategic Risk Management Package
    Task 1: Back Up Your Database
    Task 2: Import the Package
    Task 3: Map Objects in the Package
    Task 4: Install the Package
    Task 5: Review the Package Installation Log
Chapter 4: Using RSA Archer Strategic Risk Management
  Task A: Create Strategic Risk Record
  Task B: Generate Strategic Risk Assessment
  Task C: Complete Risk Rating
  Task D: Assess Level of Preparedness
  Task E: Monitor Remediation Execution
  Task F: Overall Recommendation
  Task G: Re-assess Strategic Risk
Troubleshooting Guidelines

Chapter 1: Overview of RSA Archer Strategic Risk Management
About RSA Archer Strategic Risk Management

Management struggles throughout all levels within an organization to proactively identify when risks
impact the execution of an organization's strategy. Management must relate strategic risks to their
strategies and know when to implement action plans that minimize risks and monitor the performance
of those action plans. Strategic Risk Management is a business discipline that involves identifying,
assessing, and managing risks and uncertainties, affected by internal and external events or scenarios,
that could inhibit an organization's ability to achieve its strategy, strategic objectives, and execution.
Strategic Risk Management can potentially identify situations in which risk can be a competitive
advantage instead of a threat to the strategic plan. It sits at the intersection of strategic planning,
risk management, and strategy execution: by managing risks and seizing opportunities, it protects
against losses, reduces uncertainties, and enables better performance in achieving the organization’s
objectives and greater resilience in an uncertain environment.

Strategic risks may include:

• Shifts in consumer demand and preferences


• Legal and regulatory change
• Competitive pressure
• Merger integration
• Technological changes
• Senior management turnover
• Stakeholder pressure

By monitoring strategic risks within an organization, management can be prepared and proactively
define plans to minimize the impacts to the organization, should the risks exceed the organization's
tolerance.

Key Features and Benefits


Key benefits

The RSA Archer Strategic Risk Management App-Pack provides:

• Consistent and repeatable process for identifying and mitigating strategic risk
• Strategic risk alignment with the organization's risk tolerance
• Understanding of the level of preparedness against risks that impact the organization
• A minimized strategic risk for successful strategy execution


Key Terminology

Application. Database that stores a specific type of data record, for example, policies, assessments,
assets, threats, vulnerabilities, and controls.

Authorized User. A user who has logged into the system and has a right to perform some operation. The
system knows the identity and permissions granted to this individual.

Cross-Reference. A field type that allows users to create associations between records in the same
application (internal references) or records in two separate applications (external references). By adding
a cross-reference to an application, the system automatically adds a Related Record field.

Dashboard. With reports defined and saved in the inventory of system reports, those identified as
Global Reports can be added to dashboards. Each dashboard can include one of many reports in the
format they were saved.

Notifications. Emails sent from RSA Archer to Users or Groups, based on a schedule or a change in the
record status.

Record. A collection of field values, stored within applications, sub-forms, or questionnaires.

Report. Saved search criteria that can be run again later. In RSA Archer, the construct for reports is a
combination of a query and its related output presentation options. The data returned is filtered by a
user permission, allowing users to see only the data for which they have been granted access.

Sub-Form. For one application, administrators can develop multiple sub-forms to hold all related data.
Sub-forms can be shared across applications; however, changing a sub-form affects all applications using
that sub-form.

Task. Action items that have been assigned to a user in relation to the Support Request.

User. Any person who uses and is registered within the system. In this guide, the user is assumed to be
an employee using RSA Archer Support Requests.

User Profile. Preferences of the registered user that are saved within the system.

Workspace. Display mechanism that provides the user with a way to access their data.


Prerequisites (ODA and system requirements)

| Components | Recommended Software |
|---|---|
| Operating System | Windows Server 2012 R2 |
| Database Server | Microsoft SQL Server 2014 (64-bit) |
| Services Server | Java Runtime Environment (JRE) 8 (64-bit) |
| RSA Archer | RSA Archer 6.5 P2 and later |
| On-Demand Licenses | The RSA Archer Strategic Risk Management App-Pack requires one (1) On-Demand Application license and one (1) Questionnaire. |

Pre-Requisite Applications: Requirements for the installation and operation of RSA Archer Strategic Risk
Management include the following use cases:
• Findings – (RSA Archer Issues Management)
• Exception Requests – (RSA Archer Issues Management)
• Remediation Plans – (RSA Archer Issues Management)

The following applications are optional:
• Control Procedures
• Business Unit
• Business Process
• Strategies
• Risk Register
• Corporate Objectives

Compatible Use Cases and Applications

Related Applications
| Application | Use Case | Primary Purpose(s) of the Relationship |
|---|---|---|
| Strategies | RSA Archer Strategic Planning App-Pack | To relate strategic risks to organization strategies and know when to implement action plans that can minimize the risks related to strategies. |
| Control Procedures | RSA Archer IT Controls Assurance, RSA Archer Information Security Management System, RSA Archer PCI Management, RSA Archer IT Risk Management, RSA Archer Controls Assurance Program Management, RSA Archer Data Governance, RSA Archer Top-Down Assessment, RSA Archer Federal Assessments & Authorization | To relate controls that will be applied to reduce the strategic risk. |
| Business Unit | RSA Archer Issues Management, RSA Archer Business Impact Analysis, RSA Archer Third Party Catalog, RSA Archer Policy Program Management, RSA Archer Cyber Incident & Breach Response, RSA Archer Key Indicator Management, RSA Archer IT Asset Catalog **, RSA Archer Business Asset Catalog **, RSA Archer Federal Assessments & Authorizations, RSA Archer Federal Continuous Monitoring | To relate Business Units that will be affected by the strategic risk. |
| Business Process | RSA Archer Audit Engagements & Workpapers, RSA Archer Business Impact Analysis, RSA Archer IT Risk Management, RSA Archer Controls Assurance Program Management, RSA Archer Data Governance, RSA Archer Top-Down Assessment, RSA Archer Policy Program Management, RSA Archer IT Controls Assurance, RSA Archer Business Asset Catalog **, RSA Archer Bottom-Up Risk Assessment, RSA Archer Federal Assessments & Authorizations, RSA Archer Federal Continuous Monitoring | To relate process that will be affected by the strategic risk |
| Risk Register | RSA Archer Information Security Management System, RSA Archer IT Risk Management, RSA Archer Risk Catalog, RSA Archer Top-Down Assessment | To relate strategic risk to risks |
| Corporate Objectives | RSA Archer Policy Program Management, RSA Archer Controls Monitoring Program Management, RSA Archer Business Asset Catalog, RSA Archer Operational Risk Management | To relate corporate objectives that will be affected by the strategic risk. |

Chapter 2: RSA Archer Strategic Risk Management Components
Architecture Diagram

The following diagram shows the relationship between the applications in RSA Archer Strategic Risk
Management.

[Figure: architecture diagram. Applications shown: Business Unit, Business Process, Strategies, Risk Register, Corporate Objectives, Strategic Risk, Strategic Risk Assessment, Control Procedures, Findings, Remediation Plans, Exception Requests. Legend: RSA Archer Strategic Risk Management App-Pack, RSA Archer Strategic Planning App-pack, Core Application, Mandatory Reference, Optional Reference.]


Swim Lane Diagram

The following diagram shows the general workflow of the App-Pack.


[Figure: swim lane diagram "Strategic Risk Management". Lanes: Strategic Risk Manager, Strategies Manager. Steps shown: Identify and create Strategic Risk; Complete Strategic Risk Qualitative Assessment; Determine Level of Preparedness; Is level of Preparedness within Tolerance? (Yes / No); Communicate Strategic Risks; Re-assess; Open Finding and Assign it to Strategies Manager; Create Remediation Plan; Submit Remediation Plan; Review Remediation Plan (Approve / Reject); Update Remediation Plan.]

Applications

The following table describes the applications in RSA Archer Strategic Risk Management.

| Application | Description |
|---|---|
| Strategic Risk | The Strategic Risk application documents all the information when a strategic risk is identified, captures an overview of the strategic risk assessment, and findings and remediation plans resulting from the assessment. |
| Strategic Risk Assessment | The Strategic Risk Assessment is a questionnaire used to determine the likelihood and impact of the risk and the level of preparedness. Controls can be referenced, if available, to minimize the risk. |


Personas and Access Roles

The following table describes the functions that make up the application’s organization roles. Depending
on the organization of your company, these functions and responsibilities may vary.

| Persona | Description | How many (per Information System)? | Optional / Required |
|---|---|---|---|
| Strategic Risk Manager | Responsible for identifying the strategic risk, conducting risk assessment, evaluating the organization’s level of preparedness, approving action plans, and monitoring and communicating results. This could be someone mandated from the Board, Risk Management, or another division. | Can be more than one | Required |
| Strategies Manager | Responsible for working with the appropriate teams to develop and implement action plans. This could be someone who owns or executes a strategy. | Can be more than one | Optional |

Permissions Chart

| Applications | SRM: Risk Manager | SRM: Strategies Manager | SRM: Read Only |
|---|---|---|---|
| Strategic Risk | CRU | R | R |
| Strategic Risk Assessment | CRU | R | R |
| Findings | CRU | RU | R |
| Remediation Plans | CRU | CRU | R |
| Exception Requests | CRU | CRU | R |
| Strategies | R | R | R |
| Control Procedures | R | R | R |
| Risk Register | R | R | R |
| Corporate Objectives | R | R | R |
| Business Unit | R | R | R |
| Business Process | R | R | R |

C = Create, R = Read, U = Update, D = Delete

Users should at least have read access at record level for the applications related to Strategic Risk.
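
As an added example (not part of the RSA guide), the chart above can serve as a baseline for a least-privilege check after installation: the sketch compares the rights granted to each SRM role against the chart and reports excess or missing rights. The grant data is constructed, how you export role permissions from your instance is outside this example, and the names `audit` and `chart_as_grants` are hypothetical.

```python
"""Compare granted rights against the guide's permissions chart (added example)."""

ROLES = ("SRM: Risk Manager", "SRM: Strategies Manager", "SRM: Read Only")

# Baseline copied from the Permissions Chart; one rights string per role, in ROLES order.
CHART = {
    "Strategic Risk":            ("CRU", "R",   "R"),
    "Strategic Risk Assessment": ("CRU", "R",   "R"),
    "Findings":                  ("CRU", "RU",  "R"),
    "Remediation Plans":         ("CRU", "CRU", "R"),
    "Exception Requests":        ("CRU", "CRU", "R"),
    "Strategies":                ("R", "R", "R"),
    "Control Procedures":        ("R", "R", "R"),
    "Risk Register":             ("R", "R", "R"),
    "Corporate Objectives":      ("R", "R", "R"),
    "Business Unit":             ("R", "R", "R"),
    "Business Process":          ("R", "R", "R"),
}


def _rights(text):
    """Turn a rights string such as 'CRU' into a set, rejecting unknown letters."""
    rights = set(text.upper())
    unknown = rights - set("CRUD")
    if unknown:
        raise ValueError(f"unknown right(s) {sorted(unknown)} in {text!r}")
    return rights


def _fmt(rights):
    """Render a set of rights in C-R-U-D order."""
    return "".join(letter for letter in "CRUD" if letter in rights)


def chart_as_grants():
    """Expand CHART into {(role, application): rights}, the shape audit() expects."""
    return {(role, app): rights
            for app, row in CHART.items()
            for role, rights in zip(ROLES, row)}


def audit(observed):
    """Return one finding per (role, application) whose grants differ from CHART.

    `observed` maps (role, application) -> rights string. Roles and applications
    that the chart does not list are ignored here; they need a separate review.
    """
    findings = []
    for app, row in CHART.items():
        for role, expected_text in zip(ROLES, row):
            expected = _rights(expected_text)
            actual = _rights(observed.get((role, app), ""))
            excess, missing = actual - expected, expected - actual
            if excess or missing:
                findings.append({"role": role, "application": app,
                                 "excess": _fmt(excess), "missing": _fmt(missing)})
    return findings


# Constructed sample: the chart itself plus three deliberate deviations.
SAMPLE_GRANTS = chart_as_grants()
SAMPLE_GRANTS[("SRM: Strategies Manager", "Findings")] = "CRUD"   # chart: RU
SAMPLE_GRANTS[("SRM: Read Only", "Remediation Plans")] = "RU"     # chart: R
del SAMPLE_GRANTS[("SRM: Risk Manager", "Business Unit")]         # chart: R

if __name__ == "__main__":
    for f in audit(SAMPLE_GRANTS):
        print(f"{f['role']:<24} {f['application']:<18} "
              f"excess={f['excess'] or '-'} missing={f['missing'] or '-'}")
```

Excess rights are the least-privilege findings; missing rights are functional gaps, such as the record-level read access the note above calls for.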

Chapter 3: Installing RSA Archer Strategic Risk Management
Task 1: Prepare for the Installation
Procedure:
1. Ensure that your RSA Archer system meets the following requirements:
• RSA Archer Platform version 6.5 P2 or above
2. Download the ODA install package from the RSA Archer Exchange on RSA Link:
https://community.rsa.com/community/products/archer-grc/exchange/documentation-downloads.
3. Read and understand the "Packaging Data" section of the RSA Archer Online Documentation.

Task 2: Install the Package


Installing a package requires that you import the package file, map the objects in the package to
objects in the target instance, and then install the package. See “Installing the Application Package” for
complete information.

Task 3: Test the Installation


Test the RSA Archer Strategic Risk Management App-Pack according to your company standards and
procedures, to ensure that it works with your existing processes.

Installing the RSA Archer Strategic Risk Management Package


Below are various tasks involved in package installation.

Task 1: Back Up Your Database


There is no Undo function for a package installation. Packaging is a powerful feature that can make
significant changes to an instance. RSA strongly recommends backing up the instance database before
installing a package. This process enables a full restoration if necessary.

An alternate method for undoing a package installation is to create a package of the affected objects
in the target instance before installing the new package. This package provides a snapshot of the
instance before the new package is installed, which can be used to help undo the changes made by
the package installation. New objects created by the package installation must be manually deleted.

Task 2: Import the Package


Procedure
1. Go to the Install Packages page.

a. From the menu bar, click .


b. Under Application Builder, click Install Packages.
2. In the Available Packages section, click Import.
3. Click Add New, then locate and select the package file that you want to import.


4. Click OK.
The package file is displayed in the Available Packages section and is ready for installation.

Task 3: Map Objects in the Package


1. In the Available Packages section, select the package you want to map.

2. In the Actions column, click for that package.


The analyzer runs and examines the information in the package. The analyzer automatically
matches the system IDs of the objects in the package with the objects in the target instances,
and identifies:
• Objects from the package that are successfully mapped to objects in the target instance
• Objects that are new or exist, but are not mapped
• Objects that do not exist (the object is in the target but not in the source)

Note: This process can take several minutes or more, especially if the package is large, and can
time out after 60 minutes. This time-out setting temporarily overrides any IIS time-out settings
set to less than 60 minutes.

When the analyzer is complete, the Advanced Package Mapping page lists the objects in the
package file and corresponding objects in the target instance. The objects are divided into tabs,
depending on whether they are found within Applications, Solutions, Access Roles, Groups, Sub-
forms, or Questionnaires.

3. On each tab of the Advanced Mapping Page, review the icons that are displayed next to each
object name to determine which objects require you to map them manually.

| Icon name | Description |
|---|---|
| Awaiting Mapping Review | Indicates that the system could not automatically match the object or children of the object to a corresponding object in the target instance. Objects marked with this symbol must be mapped manually through the mapping process. Note: New objects should not be mapped. This icon should remain visible. The mapping process can proceed without mapping all the objects. Note: You can execute the mapping process without mapping all the objects. The icon is for informational purposes only. |
| Mapping Completed | Indicates that the object and all child objects are mapped to an object in the target instance. Nothing more needs to be done with these objects in Advanced Package Mapping. |
| Do Not Map | Indicates that the object does not exist in the target instance, or the object was not mapped through the Do Not Map option. These objects do not map through Advanced Package Mapping and must be remedied manually. |
| Undo | Indicates that a mapped object can be unmapped. This icon is displayed in the Actions column of a mapped object or object flagged as Do Not Map. |

4. For each object that requires remediation, do one of the following:


• Map each item individually.
i. On the Target column, select the object in the target instance to which you
want to map the source object. If an object is new or if you do not want to map
an object, select Do Not Map from the drop-down list.
Important: Ensure that you map all objects to their lowest level. When objects
have child or related objects, a drill-down link is provided on the parent object.
Child objects must be mapped before parent objects are mapped. For more
details, see "Mapping Parent/Child Objects" in the RSA Archer Online
Documentation.
• Automatically map all objects in a tab that have different system IDs but the same
object name as an object in the target instance.
a. In the toolbar, click Auto Map.
b. Select an option for mapping objects by name.

| Option | Description |
|---|---|
| Ignore case | Select this option to match objects with similar names regardless of the case of the characters in the object names. |
| Ignore spaces | Select this option to match objects with similar names regardless of whether spaces exist in the object names. |
c. Click OK.
The Confirmation dialog box opens with the total number of mappings
performed. These mappings have not been committed to the database yet and
can be modified in the Advanced Package Mapping page.
d. Click OK.
• Set all objects in the tab to Do Not Map
i. In the toolbar, click Do Not Map.
Note: To undo the mapping settings for any individual object, click in the
Actions column.

When all objects are mapped, the icon displays in the tab title. The icon displays next
to the object to indicate that the object is not mapped.


5. Verify that all other objects are mapped correctly.


6. (Optional) To save your mapping settings and resume working later, see "Exporting and
Importing Mapping Settings" in the RSA Archer Online Documentation.
7. Once you have reviewed and mapped all objects, click .
8. Select I understand the implications of performing this operation and click OK.

The Advanced Package Mapping process updates the system IDs of the objects in the target
instance as defined on the Advanced Package Mapping page. When the mapping is complete,
the Import and Install Packages page is displayed.

Important: Advanced Package Mapping modifies the system IDs in the target instance. Any
Data Feeds and Web Service APIs that use these objects must be updated with the new system
IDs.
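
The Auto Map options in step 4 loosen name matching, and mappings committed on this page change system IDs in the target instance. As an added example (not RSA code), this sketch previews which package objects would match exactly one target object and which need manual review before you rely on Auto Map. It assumes Ignore case means a case-insensitive comparison and Ignore spaces means whitespace is removed before comparing; the object names are constructed and the function names are hypothetical.

```python
"""Preview name-based matches before using Auto Map (added example)."""
from collections import defaultdict


def normalize(name, ignore_case=False, ignore_spaces=False):
    """Key used to compare object names under the selected options (assumed semantics)."""
    if ignore_spaces:
        name = "".join(name.split())      # drop every whitespace character
    if ignore_case:
        name = name.casefold()
    return name


def preview_auto_map(package_names, target_names, ignore_case=False, ignore_spaces=False):
    """Classify each package object name by how many target names it would match.

    Returns (unique, ambiguous, unmatched):
      unique    {package name: the single matching target name}
      ambiguous {package name: sorted list of two or more matching target names}
      unmatched [package names with no match, i.e. new objects]
    """
    by_key = defaultdict(list)
    for target in target_names:
        by_key[normalize(target, ignore_case, ignore_spaces)].append(target)

    unique, ambiguous, unmatched = {}, {}, []
    for name in package_names:
        hits = by_key.get(normalize(name, ignore_case, ignore_spaces), [])
        if len(hits) == 1:
            unique[name] = hits[0]
        elif hits:
            ambiguous[name] = sorted(hits)
        else:
            unmatched.append(name)
    return unique, ambiguous, unmatched


def contested_targets(unique):
    """Target names claimed by more than one package object in `unique`."""
    claims = defaultdict(list)
    for package_name, target in unique.items():
        claims[target].append(package_name)
    return {t: sorted(p) for t, p in claims.items() if len(p) > 1}


# Constructed object names for one tab of the mapping page.
PACKAGE = ["Strategic Risk", "StrategicRisk", "Findings",
           "Remediation Plans", "Strategic Risk Assessment"]
TARGET = ["Strategic risk", "Findings", "findings",
          "Remediation  Plans", "RemediationPlans"]

if __name__ == "__main__":
    for case, spaces in [(False, False), (True, False), (True, True)]:
        unique, ambiguous, unmatched = preview_auto_map(PACKAGE, TARGET, case, spaces)
        print(f"ignore_case={case} ignore_spaces={spaces}")
        print("  unique:   ", unique)
        print("  ambiguous:", ambiguous)
        print("  unmatched:", unmatched)
        print("  contested:", contested_targets(unique))
```

Map anything listed as ambiguous or contested individually, as described in step 4, rather than through Auto Map.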

Task 4: Install the Package


All objects from the source instance are installed in the target instance unless the object cannot be
found or is flagged to not be installed in the target instance. A list of conditions that may cause objects
not to be installed is provided in the Log Messages section. A log entry is displayed in the Package
Installation Log section.

Procedure
1. Go to the Install Packages page.

a. From the menu bar, click .


b. Under Application Builder, click Install Packages.
2. In the Available Packages section, locate the package file that you want to install, and click
Install.
Note: Items in the package that do not match an existing item in the target instance are
selected by default. All reports will be matched by default. To unselect a report, uncheck the
checkbox beside it.
3. In the Configuration section, under Install Method, select an option for each selected
component. To use the same Install Method for all selected components, select a method
from the top-level drop-down list.
Note: If you have any existing components that you do not want to modify, select Create New
Only. You may have to modify those components after installing the package to use the
changes made by the package.
4. In the Configuration section, under Install Option, select an option for each selected
component. To use the same Install Option for all selected components, select an option from
the top-level drop-down list.
Note: If you have any custom fields or formatting in a component that you do not want to
lose, select Do not Override Layout. You may have to modify the layout after installing the
package to use the changes made by the package.


5. To deactivate target fields and data-driven events that are not in the package, in the Post-
Install Actions section, select the Deactivate target fields and data-driven events that are not
in the package checkbox. To rename the deactivated target fields and data-driven events with
a user-defined prefix, select the Apply a prefix to all deactivated objects checkbox, and enter
a prefix. This can help you identify any fields or data-driven events that you may want to
review for cleanup post-install.
6. Click Install.
7. Click OK.

Task 5: Review the Package Installation Log


1. Go to the Package Installation Log tab of the Install Packages page.

a. From the menu bar, click .


b. Under Application Builder, click Install Packages.
c. Click the Package Installation Log tab.
2. Click the package that you want to view.
3. In the Package Installation Log page, in the Object Details section, click View All Warnings.
4. Manually activate Advanced Workflow by clicking the Active button in the Advanced Workflow tab of the
RSA Archer Strategic Risk Management application.
5. If users do not have the Strategies application (RSA Archer Strategic Planning App-Pack), move the
Strategy Owners field off the layout and inactivate it.

Chapter 4: Using RSA Archer Strategic Risk Management
Task A: Create Strategic Risk Record

Users: Strategic Risk Manager

Procedure:

1. Enter Strategic Risk, Description, Strategic Risk Categories, Priority, Review Frequency in the
General Information section.
2. Enter Stakeholders and Strategies Manager, if available, in the Stakeholders section.
3. Provide any other necessary details.
4. To save the strategic risk profile, click the Save button in the top left of the screen. At this stage,
the profile is created and the Strategic Risk Manager must perform the risk assessment.

Task B: Generate Strategic Risk Assessment

Users: Strategic Risk Manager

Procedure:

1. To generate the Strategic Risk assessment, click the Generate Risk Assessment button at the top left
of the screen.
2. Once the Strategic Risk assessment is generated, it can be accessed through the Strategic Risk
Assessment section of the Risk Assessment tab. At this point, the Assessment Status is Not
Started.

Task C: Complete Risk Rating

Users: Strategic Risk Manager

Procedure:

1. Edit the Strategic Risk record.
2. Enter Inherent Impact, Inherent Likelihood, Residual Impact, and Residual Likelihood in the Strategic Risk
Assessment section of the Risk Assessment tab.
3. Click the Save Changes button at the top of the page or the Save button at the end of the row in the
Strategic Risk Assessment section.
4. Click Save in the Strategic Risk record.
5. Inherent and Residual Risk values from the latest assessment are populated in the Strategic Risk
Summary section. The Assessment Status in the Assessment Summary section of the Risk Assessment tab
changes to In Progress.


Task D: Assess Level of Preparedness

Users: Strategic Risk Manager

Procedure:

1. Edit strategic risk record.


2. Provide status for SR: Analysis Completed in Strategic Risk Assessment section under Risk
Assessment tab.
a. Select status N/A, if risk analysis is not required.
b. Select status In Progress, if risk analysis is in progress.
c. Select status Complete, if risk analysis is complete.
d. Click on Save Changes button at the top of the page or Save button at the end of the
row in Strategic Risk Assessment section.
3. Provide status for SR: Responsibilities Defined in Strategic Risk Assessment section under Risk
Assessment tab.
a. Select status N/A, if not required.
b. Select status In Progress, if the board is still being briefed.
c. Select status Complete, if responsibilities have been defined.
d. Click on Save Changes button at the top of the page or Save button at the end of the
row in Strategic Risk Assessment section.
4. Provide status for SR: Board Briefed in Strategic Risk Assessment section under Risk Assessment
tab.
a. Select status N/A, if not required.
b. Select status In Progress, if the responsibilities are being defined.
c. Select status Complete, if the board has been briefed.
d. Click on Save Changes button at the top of the page or Save button at the end of the
row in Strategic Risk Assessment section.
5. Provide status for Remediation Plan Created in Strategic Risk Assessment Section under Risk
Assessment tab.
a. Select status N/A, if a remediation plan is not required.
b. If remediation plan is required for the strategic risk,
i. Click on Add New or Look Up at the right corner of Findings section in Related
Findings tab. To add a new finding, assign Strategies Manager in Assigned To
field in finding when adding a new finding. The Strategies Manager is
responsible for creating a remediation plan.
ii. Select status In Progress, if remediation plan is under development.
c. Select status Under Review, if remediation plan is Awaiting Review from the Strategic
Risk Manager.
d. Select status Complete, if remediation plan has been Approved or Rejected.
e. Click on Save Changes button at the top of the page or Save button at the end of the
row in Strategic Risk Assessment section.

6. Level of Preparedness from the latest assessment will be populated in Level of Preparedness
section.
7. If Risk Ratings, SR: Analysis, SR: Board Briefed, SR: Responsibilities Defined, and Remediation Plan
Created are complete, then the Assessment Status will change to Complete.

Note: Findings and Remediation Plans utilize the out-of-the-box workflow. In addition, to relate Findings
to Strategies through the RSA Archer Strategic Planning App-Pack, create a cross-reference to the
Strategies application and add it to the Findings layout.

Task E: Monitor Remediation Execution

Users: Strategic Risk Manager

Procedure:

1. Provide status for Remediation Plan In Execution in Strategic Risk Assessment section under Risk
Assessment tab.
a. Select status N/A, if a remediation plan was not required.
b. Select status In Progress, if remediation plan is in execution.
c. Select status Complete, if remediation plan has been executed.
2. Click on Save Changes button at the top of the page or Save button at the end of the row in
Strategic Risk Assessment section.

Task F: Overall Recommendation

Users: Strategic Risk Manager

Procedure:

1. To provide an Overall Recommendation regarding the Strategic Risk in scope:
a. Edit Strategic Risk record.
b. Complete the Overall Recommendation in Level of Preparedness section.
c. Click Save.
2. To export the Overall Recommendation Report:
a. Click on Export at the top right corner of the Strategic Risk record page.
b. Click on RSA Archer Strategic Risk Overall Recommendation report.

Task G: Re-assess Strategic Risk

Users: Strategic Risk Manager

Procedure:

1. Click on Generate Strategic Risk Assessment button at the top right corner of the page.

2. Once the strategic risk assessment is generated, it can be accessed through the Strategic Risk
Assessment section of the Risk Assessment tab. The Assessment Status is Not Started.

Troubleshooting Guidelines:
If users do not have one or more of the optional applications, they will receive warnings related to
those modules. Users can ignore those warnings or take action if required. The App-Pack’s operation
will not be affected by these warnings/errors.

For example, below are a few warnings/failures that might be observed if users do not have the
Strategies Application (RSA Archer Strategic Planning App-Pack):

1. Warning for Access Roles “SRM: Risk Manager”, “SRM: Strategies Manager”, “SRM: Read Only”:
Access rights to the following page could not be configured due to missing module: Strategies.
2. Minor failure for report Strategic Risks by Strategies:
Strategic Risks by Strategies report could not be created. There are no display fields for this
report.
3. Minor failure for Impacted Strategies:
Field Impacted Strategies could not be saved due to inability to identify the related module.
4. Warnings for reports:
Warnings regarding missing Impacted Strategies field or fields from Strategies application
(Category, Priority, Strategy, Status and Strategy owner fields) from RSA Archer Strategic
Planning App-Pack.
5. Warning for Inherited User/Group field Strategy Owners:
Strategy Owner was not found in the target instance and was removed from field: Strategy
Owners.

If users do not have one or more of the optional applications, the following changes can be made
post-installation to keep the layout neat:

1. If Strategies is not available:
a. Move Strategic Owner off layout in Default layout of Strategic Risk Application.
b. Remove iView: Strategies affected by Strategic Risk from Strategic Risk Manager
Dashboard.
c. Remove report My Strategic Risk by Residual Risk and Strategies from My Strategic Risk
Summary iView in Strategies Manager.
d. Remove Impacted Strategies section from RSA Archer Strategic Risk Overall
Recommendation Report Mail Merge template.
2. If Business Unit is not available:
a. Remove Strategic Risks by Business Unit iView from SRM: Executives Dashboard.
3. If Control Procedures are not available:
a. Remove Strategic Risk and Related Controls iView from SRM: Executives Dashboard.
b. Remove Related Controls section from Mail Merge template.
