Recommendations are one of the more powerful features of RiskKey. Once a finding, exception, control gap, etc has been discovered in a risk assessment or control objective (depending on the type of project), you can enter a recommendation. This tells the system that there is an item that needs addressing. Resolving a "recommendation" from there takes place in a number of steps.

To view all recommendations click on the recommendations tab.

When you are looking at your recommendations, the descriptive information can be found on the left and the plan for resolving it on the right.

Once you have formulated your plan "save" it, and your recommendation will now look similar to what you see below:

After the plan of action has been performed, the person assigned responsibility for the recommendation should click the "mark as completed and submit for approval" button.

This two-step process allows you to maintain segregation of duties and preserve the integrity of the recommendation. Only individuals with sufficient access rights to the project are able to mark the recommendation as truly resolved (see below).

Finally, once the recommendation is fully verified and approved, the recommendation will appear grayed-out and closed.

It will no longer impact the progress of project. Don't forget to readjust the original risk rating!

*Note: If at a later time it turns out that a "closed" recommendation is not as satisfactorily resolved as previously thought, or if the same exception is once again identified, the recommendation(s) can be reopened by clicking on "Re-open."