Define a GRC risk

Use the Risk form to define a new risk.

  1. Navigate to GRC > Risks.
  2. Click New.
  3. Fill in the fields on the form, as appropriate.
    Table 1. Risk form fields
    Risk ID: A unique number assigned to the risk by the system.
    Name: The name of the risk.
    Significance: The impact of the risk if it is realized. Defined by risk criteria.
    Likelihood: The probability that the risk will be realized. Defined by risk criteria.
    Recommended approach: A reference to the risk approach rule (see Defining GRC Risks, Defining a Risk Approach Rule) that determines how to treat this risk. Can be calculated dynamically using the Calculate Risk Approach UI action on the form.
    Pertinent: Indicator that shows whether the risk is relevant to your organization. By default, this check box is selected and has a value of True. Clear this check box to mark the risk as not pertinent to your organization and to exclude it from compliance reporting.
    State: A choice field for the state of the risk. Choose from:
    • Known: The existence of the risk is known. This is the default value.
    • Open: The risk has been analyzed.
    • Issue: The risk has occurred.
    • Closed: The risk is no longer valid. For example, the risk was related to mainframes, but the organization no longer uses mainframes.
    Category: The category of risk that applies to the record.
    Compliance [Read-only]: Percentage of compliant control test instances associated with this risk.
    Non-compliance [Read-only]: Percentage of non-compliant control test instances associated with this risk.
    Applies to: A Document ID field that identifies the scope.
    Description: A verbose description of the risk.
    Additional information: Information of any type that is pertinent to this risk.
  4. Click Submit.
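The following is an added example, not ServiceNow's own code or API: an offline Python model of the Risk record described by the form above. It enforces the State choices listed in Table 1, derives the read-only Compliance and Non-compliance percentages from a set of control test instances, leaves non-pertinent risks out of a compliance report, and builds a create payload that omits the system-assigned Risk ID and the read-only fields. The classes Risk and ControlTestInstance, the table name grc_risk, the snake_case field names in table_api_payload(), and all sample values are assumptions made for this example.

```python
# Added example (not ServiceNow's own code): an offline model of the Risk record
# described by the form above, used to validate values before submission and to
# derive the read-only Compliance / Non-compliance fields from control test results.
# ASSUMPTIONS: the table name "grc_risk" and the snake_case field names in
# table_api_payload() are assumed, not taken from the page.
from dataclasses import dataclass, field
from typing import List, Optional

# State choices exactly as listed on the Risk form; "Known" is the default.
RISK_STATES = ("Known", "Open", "Issue", "Closed")


@dataclass
class ControlTestInstance:
    """One control test instance associated with a risk (constructed sample data)."""
    number: str
    compliant: bool


@dataclass
class Risk:
    name: str
    significance: str
    likelihood: str
    state: str = "Known"
    pertinent: bool = True
    category: Optional[str] = None
    applies_to: Optional[str] = None            # Document ID of the scope
    recommended_approach: Optional[str] = None  # reference to a risk approach rule
    description: str = ""
    additional_information: str = ""
    test_instances: List[ControlTestInstance] = field(default_factory=list)

    def __post_init__(self) -> None:
        # Reject a state that is not one of the form's choices before anything is submitted.
        if self.state not in RISK_STATES:
            raise ValueError(f"invalid state {self.state!r}; expected one of {RISK_STATES}")

    def compliance(self) -> float:
        """Read-only field: percentage of compliant control test instances."""
        if not self.test_instances:
            return 0.0
        compliant = sum(1 for t in self.test_instances if t.compliant)
        return 100.0 * compliant / len(self.test_instances)

    def non_compliance(self) -> float:
        """Read-only field: percentage of non-compliant control test instances."""
        if not self.test_instances:
            return 0.0
        non_compliant = sum(1 for t in self.test_instances if not t.compliant)
        return 100.0 * non_compliant / len(self.test_instances)


def compliance_report(risks: List[Risk]) -> List[Risk]:
    """Mirror the form's Pertinent rule: risks cleared as not pertinent are left out."""
    return [r for r in risks if r.pertinent]


def table_api_payload(risk: Risk) -> dict:
    """Build the body for a Table API POST to /api/now/table/grc_risk (table and
    field names are assumptions). Risk ID, Compliance and Non-compliance are
    system-assigned or read-only, so they are deliberately not sent."""
    return {
        "name": risk.name,
        "significance": risk.significance,
        "likelihood": risk.likelihood,
        "state": risk.state,
        "pertinent": "true" if risk.pertinent else "false",
        "category": risk.category or "",
        "applies_to": risk.applies_to or "",
        "recommended_approach": risk.recommended_approach or "",
        "description": risk.description,
        "additional_information": risk.additional_information,
    }


def sample_risks() -> List[Risk]:
    """Constructed sample records for demonstration."""
    web = Risk(
        name="Unpatched public web server",
        significance="High",
        likelihood="Likely",
        state="Open",
        category="Technology",
        description="External web tier runs software past vendor end of support.",
        test_instances=[
            ControlTestInstance("CTI0001", compliant=True),
            ControlTestInstance("CTI0002", compliant=True),
            ControlTestInstance("CTI0003", compliant=True),
            ControlTestInstance("CTI0004", compliant=False),
        ],
    )
    mainframe = Risk(
        name="Mainframe batch job failure",
        significance="Medium",
        likelihood="Unlikely",
        state="Closed",
        pertinent=False,  # cleared: the organization no longer uses mainframes
    )
    return [web, mainframe]


if __name__ == "__main__":
    for r in sample_risks():
        print(f"{r.name}: state={r.state} compliance={r.compliance():.1f}% "
              f"non-compliance={r.non_compliance():.1f}%")
    print("in report:", [r.name for r in compliance_report(sample_risks())])
    print(table_api_payload(sample_risks()[0]))
```

Validating the State choice and stripping the read-only fields client-side keeps a scripted import from depending on the instance to reject bad records; the Compliance and Non-compliance values are computed here only to show what the read-only fields represent, and on a real instance they come from the associated control test instances rather than from the submitted payload.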