Risk Management process

The Risk Management application provides a centralized process to identify, assess, respond to, and continuously monitor Enterprise and IT risks that may negatively impact business operations. The application also provides structured workflows for the management of risk assessments, risk indicators, and risk issues.

The Risk Management application follows a standard process:
  1. Ensure that the settings for risk criteria and properties are correct based on the needs of your organization. Modify if necessary.
  2. Create profile types to group common profiles with similar risks together for easier assessment.
  3. Create risk statements to define a set of potential risks that could occur across the organization.
  4. Assign risk statements to profile types to generate risks from the statements, or generate risks manually.
  5. Determine the appropriate risk response (for example, Accept, Avoid, Mitigate, or Transfer), and document the justification for the response.
  6. Assign and complete Remediation Tasks to ensure that risk mitigation efforts are implemented.
  7. Use the Governance, Risk, and Compliance (GRC) application to track risk mitigation efforts by relating a risk to the controls or policies that mitigate it.