Business rules installed with Risk Management GRC: Risk Management adds the following business rules. Business rule Tables Description Assign risks to profiles Profile[sn_grc_profile] Allows the system to assign risks to various profiles. Calculate qualitative scores Risk[sn_risk_risk] Calculates the inherent and residual scores for the risk and updates the qualitative values. Calculate Scores Risk [grc_risk] Calculates the inherent, residual, and calculated risk score from the likelihood and significance of a risk. Calculated ALE Risk[sn_risk_risk] Sets the calculated score for the risk. Cascade Changes Risk Statement[sn_risk_definition] Copies changes to the name, description, and category fields from the risk statement to its associated risks. Create risk scratchpad Profile Type[sn_grc_profile_type] Sets a scratchpad field to determine if risks are currently being created. Populate SLE & ARO from definition Risk[sn_risk_risk] Populates the default values from the risk statement into a risk when a risk is created. Prevent adding inactive framework Risk Framework to Profile Type[sn_risk_m2m_framework_profile_type] Prevents the association of an inactive risk framework with any profile type. Prevent adding inactive risk statement Risk Statement to Profile Type[sn_risk_m2m_definition_profile_type] Prevents the association of an inactive risk statement with any profile type. Rollup Profile Scores Profile [sn_grc_profile] Risk [grc_risk] Calculates inherent, residual, and calculated risk scores from the likelihood and significance of all risks associated with a profile. Scratchpad: Risk Scoring Risk[sn_risk_risk] Sets scratchpad fields to determine if qualitative scoring is used for impact and likelihood and whether the compliance plugin is installed. Scratchpad: Risk Statement Scoring Risk Statement[sn_risk_definition] Sets scratchpad fields to determine if qualitative scoring is used for impact and likelihood. Set Content Risk Statement to Profile Type[sn_risk_m2m_definition_profile_type] Sets the content field to be equal to the risk statement in the many-to-many relationship. Set maximum value Risk Criteria[sn_risk_criteria] Updates the maximum value whenever the currency or percentage max values change. Sync between content and definition Risk[sn_risk_risk] Synchronizes the content and risk statement fields. Sync qualitative fields Risk Statement [sn_risk_definition] Risk [sn_risk_risk] Synchronizes the qualitative and quantitative scores whenever risk impact, residual impact, inherent SLE, residual SLE, likelihood, residual likelihood, inherent ARO, or residual ARO change. Update impact/likelihood Risk Criteria [sn_risk_criteria] Updates the SLE, ARO, impact, likelihood of all risk statements and risks that are using the risk criteria. Update applies to when profile changes Risk [grc_risk] Updates the ‘applies to’ field on the risk form when the profile is changed on the risk form. Update risk control factor Risk to Control[sn_risk_m2m_risk_control] Updates the risk control failure factor whenever a many-to-many relationship between risks and controls is created, updated, or deleted. Validate inherent and residual values Risk Statement[sn_risk_definition] Validates that the inherent impact, likelihood, SLE, and ARO are greater than or equal to the corresponding residual values. Validate residual fields Risk[sn_risk_risk] Validates that the inherent impact, likelihood, SLE, and ARO are greater than or equal to the corresponding residual values.