Create a risk statement

Risk managers create risk statements to group risks into manageable categories.

Before you begin

Role required: sn_risk.manager

Procedure

  1. Navigate to Risk > Risk Library > Risk Statements.
  2. Click New.
  3. Fill in the fields on the form, as appropriate.
    Note: When any of the following statement fields changes: Name, Description, Reference, Category, Type, Classification, and Attestation, all the associated controls and risks are updated, and their state is set back to Draft.
    Table 1. Risk Statement
    Field Description
    Name* The name of the risk statement.
    Framework Select the framework this risk statement is associated with.
    Category Choose a category.
    • Legal
    • Financial
    • Operational
    • Reputational
    • Legal/Regulatory
    • Credit
    • Market
    • IT
    Description A description of the risk statement.
    Additional information Additional information for this risk statement.
    Inherent impact Select a number indicating how much impact the risk poses.
    • 5 - Very High
    • 4 - High
    • 3 - Moderate
    • 2 - Low
    • 1 - Very Low
    Inherent likelihood Select a number indicating the likelihood of the identified risk occurring.
    • 5 - Extremely Likely
    • 4 - Likely
    • 3 - Neutral
    • 2 - Unlikely
    • 1 - Extremely Unlikely
    Residual impact Select a number indicating how much impact the risk poses with all mitigation strategies in place
    • 5 - Very High
    • 4 - High
    • 3 - Moderate
    • 2 - Low
    • 1 - Very Low
    Residual likelihood Select a number indicating the likelihood of the identified risk occurring with all mitigation strategies in place.
    • 5 - Extremely Likely
    • 4 - Likely
    • 3 - Neutral
    • 2 - Unlikely
    • 1 - Extremely Unlikely
    Note: Accurate default scoring selections are important for normalizing risk across the organization.
  4. Click Submit.