Working With Risks
Risks are known issues of potential security or liability exposure that affect your overall risk posture and could result in financial or other losses if not mitigated.
Risk Register and related features are under development. Expect additional functionality soon.
You can track risks using the Risk Register from the Compliance main menu item (see: Compliance -> Risk Register), but before you can do so, a superuser needs to do some groundwork on the Settings page.
In the Risks area of the Settings page, you can manage several items related to risk tracking. As a superuser, click “Risks” in the Setup area of the left-hand nav panel on the Settings page. Before you can create different risk types, you first need to create risk categories and establish a risk scale. Then you create individual risks within the categories. Later, users with the appropriate role will be able to create and edit risk scores in the risk register based on those risks.
Risk Score Calculation
The risk score has two dimensions, impact and likelihood. Both of these values use an underlying risk scale, which is simply the range of acceptable values. Isora GRC uses a default risk scale; to use a different range of values, you would have to open a support ticket to request that change.
Here is the default risk scale for likelihood:
Risk Scale Likelihood Value | Interpretation |
1 | Highly Unlikely |
2 | Unlikely |
3 | Possible |
4 | Likely - A risk has a 61-90% chance of occurring. |
5 | Highly Likely - Almost certain to occur. |
This is the default risk scale for impact:
Risk Scale Impact Value | Interpretation |
1 | Inconsequential |
2 | Low |
3 | Moderate |
4 | High |
5 | Severe |
Your institution may have more specific value-based definitions assigned to these scale values.
Risk Categories
Risk categories simply allow you to organize risks more clearly, since you may identify very large numbers of risks.
For more info, see: How to Create Risk Categories.
A risk is an identified area of potential harmful exposure for your organization. It could be related to security or liability. Risks could be identified by completing an assessment. Currently, risks are created and managed by superusers. In a future release of Isora GRC, other users with the appropriate role will be able to add risks into Isora’s risk inventory. Once a risk has been identified, affected org units can track their exposure level by creating and managing a risk score in the risk register.
For more information about the risk register, see Compliance -> Risk Register.
For information about creating risks, see: How to Create Risks.