
Risks are known issues of potential security or liability exposure that affect your overall risk posture and could result in financial or other losses if not mitigated.

Risk Register and related features are under development. Expect additional functionality soon.

You can track risks using the Risk Register from the Compliance main menu item (see: DRAFT: Compliance-> Risk Register), but before you can do so, a superuser needs to do some groundwork on the Settings page.

In the Risks area of the Settings page, you can manage several items related to risk tracking. As a superuser, click “Risks” in the Setup area of the left-hand nav panel on the Settings page. Before you can create different risk types, you first need to create risk categories and establish a risk scale. Then you create individual risks within the categories. Later on, users with the appropriate role will be able to create and edit risk scores in the risk register based on those risks.

Risk

...

Score Calculation

The risk score has two dimensions, impact and likelihood. Both of these values use an underlying risk scale, which is used whenever a new risk score (entry) is added to the risk register. You can establish what range of values you want to be available by creating the risk scale first. Commonly used values are 4, 5 and 6. The value you enter will become the highest number on the scale, which starts at 1. It is up to you as a risk analyst to decide what the scale should be and what the values mean.

Here is an example risk scale:

...

The risk scale is simply the range of acceptable values. Isora GRC uses a default risk scale, and if you want to use a different range of values, you have to open a support ticket to request that change.

Here is the default risk scale for likelihood:

| Risk Scale Likelihood Value | Interpretation |
|---|---|
| 1 | Highly Unlikely |
| 2 | Unlikely |
| 3 | Possible |
| 4 | Likely: A risk has a 61-90% chance of occurring. |
| 5 | Highly Likely: Almost certain to occur. |

...

This is the default risk scale for impact:

| Risk Scale Impact Value | Interpretation |
|---|---|
| 1 | Inconsequential |
| 2 | Low |
| 3 | Moderate |
| 4 | High |
| 5 | Severe |

Your institution may have more specific value-based definitions assigned to these scale values.

Risk Categories

Risk categories simply allow you to organize risks more clearly, since you may identify very large numbers of risks.

For more info, see: Create Risk Categories.

Risks

A risk is an identified area of potentially harmful exposure for your organization. It could be related to security or liability. Risks could be identified by completing an assessment. Currently, risks are created and managed by superusers. In a future release of Isora GRC, other users with the appropriate role will be able to add risks into Isora’s risk inventory. Once a risk has been identified, affected org units can track their exposure level by creating and managing a risk score in the risk register.

For more information about the risk register, see DRAFT: Compliance-> Risk Register.

For information about creating risks, see: How to Create Risks.