Risks are known issues of potential security or liability exposure that affect your overall risk posture and could result in financial or other losses if not mitigated.
You can track risks using the Risk Register on the Compliance page (see: DRAFT: The Compliance Page), but before you can do so, a superuser needs to do some groundwork on the Settings page.
In the Risks area of the Settings page, you can manage several items related to risk tracking. As a superuser, click “Risks” in the Setup area of the left-hand nav panel on the Settings page. Before you can create different risk types, you first need to create risk categories and establish a risk scale. Then you create individual risks within the categories. Later on, users with the appropriate role will be able to create and edit risk scores in the risk register based on those risks.
Risk Scale
The risk scale is used whenever a new risk score (entry) is added to the risk register. You can establish what range of values you want to be available by creating the risk scale first. Commonly used values are 4, 5 and 6. The value you enter will become the highest number on the scale, which starts at 1. It is up to you as a risk analyst to decide what the scale should be and what the values mean.
Here is an example risk scale:
Risk Scale Value | Interpretation |
---|---|
1 | Highly Unlikely |
2 | Unlikely |
3 | Possible |
4 | Likely: A risk has a 61-90% chance of occurring. |
5 | Highly Likely: Almost certain to occur. |
For more information, see: <put link to How-to for risk scale>
Risk Categories
Risk categories simply allow you to organize risks more clearly, since you may identify very large numbers of risks.
For more info, see: <link to How to create risk category>
Risks
A risk is an identified area of potential harmful exposure for your organization. It could be related to security or liability. Risks can be identified by completing an assessment. Currently, risks are created and managed by superusers. In a future release of Isora GRC, other users with the appropriate role will be able to add risks to Isora’s risk inventory. Once a risk has been identified, affected org units can track their exposure level by creating and managing a risk score in the risk register.
For more information about the risk register, see DRAFT: The Compliance Page.
For information about creating risks, see: <link to how to create risk>