Business rules installed with Risk Management

GRC: Risk Management adds the following business rules.

| Business rule | Tables | Description |
| --- | --- | --- |
| Assign risks to profiles | Profile [sn_grc_profile] | Allows the system to assign risks to various profiles. |
| Calculate qualitative scores | Risk [sn_risk_risk] | Calculates the inherent and residual scores for the risk and updates the qualitative values. |
| Calculate Scores | Risk [grc_risk] | Calculates the inherent, residual, and calculated risk score from the likelihood and significance of a risk. |
| Calculated ALE | Risk [sn_risk_risk] | Sets the calculated score for the risk. |
| Cascade Changes | Risk Statement [sn_risk_definition] | Copies changes to the name, description, and category fields from the risk statement to its associated risks. |
| Create risk scratchpad | Profile Type [sn_grc_profile_type] | Sets a scratchpad field to determine if risks are currently being created. |
| Populate SLE & ARO from definition | Risk [sn_risk_risk] | Populates the default values from the risk statement into a risk when a risk is created. |
| Prevent adding inactive framework | Risk Framework to Profile Type [sn_risk_m2m_framework_profile_type] | Prevents the association of an inactive risk framework with any profile type. |
| Prevent adding inactive risk statement | Risk Statement to Profile Type [sn_risk_m2m_definition_profile_type] | Prevents the association of an inactive risk statement with any profile type. |
| Rollup Profile Scores | Profile [sn_grc_profile]; Risk [grc_risk] | Calculates inherent, residual, and calculated risk scores from the likelihood and significance of all risks associated with a profile. |
| Scratchpad: Risk Scoring | Risk [sn_risk_risk] | Sets scratchpad fields to determine if qualitative scoring is used for impact and likelihood and whether the compliance plugin is installed. |
| Scratchpad: Risk Statement Scoring | Risk Statement [sn_risk_definition] | Sets scratchpad fields to determine if qualitative scoring is used for impact and likelihood. |
| Set Content | Risk Statement to Profile Type [sn_risk_m2m_definition_profile_type] | Sets the content field to be equal to the risk statement in the many-to-many relationship. |
| Set maximum value | Risk Criteria [sn_risk_criteria] | Updates the maximum value whenever the currency or percentage max values change. |
| Sync between content and definition | Risk [sn_risk_risk] | Synchronizes the content and risk statement fields. |
| Sync qualitative fields | Risk Statement [sn_risk_definition]; Risk [sn_risk_risk] | Synchronizes the qualitative and quantitative scores whenever risk impact, residual impact, inherent SLE, residual SLE, likelihood, residual likelihood, inherent ARO, or residual ARO change. |
| Update impact/likelihood | Risk Criteria [sn_risk_criteria] | Updates the SLE, ARO, impact, and likelihood of all risk statements and risks that are using the risk criteria. |
| Update applies to when profile changes | Risk [grc_risk] | Updates the ‘applies to’ field on the risk form when the profile is changed on the risk form. |
| Update risk control factor | Risk to Control [sn_risk_m2m_risk_control] | Updates the risk control failure factor whenever a many-to-many relationship between risks and controls is created, updated, or deleted. |
| Validate inherent and residual values | Risk Statement [sn_risk_definition] | Validates that the inherent impact, likelihood, SLE, and ARO are greater than or equal to the corresponding residual values. |
| Validate residual fields | Risk [sn_risk_risk] | Validates that the inherent impact, likelihood, SLE, and ARO are greater than or equal to the corresponding residual values. |