Working With Risks

Risks are known issues of potential security or liability exposure that affect your overall risk posture and could result in financial or other losses if not mitigated.

Risk Register and related features are under development. Expect additional functionality soon.

You can track risks using the Risk Register from the Compliance main menu item (see: https://saltycloud.atlassian.net/wiki/spaces/TES/pages/1902804997), but before you can do so, some groundwork needs to be done by a superuser on the Settings page.

In the Risks area of the Settings page, you can manage several items related to risk tracking. As a superuser, click “Risks” in the Setup area of the left-hand nav panel on the Settings page. Before you can create different risk types, you first need to create risk categories and establish a risk scale. Then you create individual risks within the categories. Later on, users with the appropriate role will be able to create and edit risk scores in the risk register based on those risks.

Risk Score Calculation

The risk score has two dimensions, impact and likelihood. Both of these values use an underlying risk scale, which is simply the range of acceptable values. Isora GRC uses a default risk scale; if you want to use a different range of values, you have to open a support ticket to request that change.

Here is the default risk scale for likelihood:

| Risk Scale Likelihood Value | Interpretation |
| --- | --- |
| 1 | Highly Unlikely |
| 2 | Unlikely |
| 3 | Possible |
| 4 | Likely: A risk has a 61-90% chance of occurring. |
| 5 | Highly Likely: Almost certain to occur. |

This is the default risk scale for impact:

| Risk Scale Impact Value | Interpretation |
| --- | --- |
| 1 | Inconsequential |
| 2 | Low |
| 3 | Moderate |
| 4 | High |
| 5 | Severe |

Your institution may have more specific value-based definitions assigned to these scale values.

Risk Categories

Risk categories let you organize risks more clearly, since you may identify very large numbers of risks.

For more info, see: https://saltycloud.atlassian.net/wiki/spaces/TES/pages/1998848002.

Risks

A risk is an identified area of potentially harmful exposure for your organization. It could be related to security or liability. Risks could be identified by completing an assessment. Currently, risks are created and managed by superusers. In a future release of Isora GRC, other users with the appropriate role will be able to add risks into Isora’s risk inventory. Once a risk has been identified, affected org units can track their exposure level by creating and managing a risk score in the risk register.

For more information about the risk register, see https://saltycloud.atlassian.net/wiki/spaces/TES/pages/1902804997.

For information about creating risks, see: https://saltycloud.atlassian.net/wiki/spaces/TES/pages/1998454801.