What is the difference between GRC: Risks (sn_risk_risk) and Risks showing up under PPM?

Usama
Tera Contributor

Hi all,

I'm looking to understand the difference between PPM risks and GRC risks.

 

After enabling a property for Advanced Risk PPM integration, I can see the Risks tab in the related lists for Projects form.

 

However, the risk records here are under a different Risk table (risk) from the GRC Risks table records whose table name is sn_risk_risk.

 

I can see we can create issues for these risks but I'm wondering if it has limited capabilities of linking controls.

 


1 ACCEPTED SOLUTION

Community Alums
Not applicable

Hi @Usama ,

With version 11.0.1, you can use Governance, Risk, and Compliance (GRC) Advanced Risk Assessment to assess your project risks. This feature enhances the risk management capabilities in Project Portfolio Management. The feature is integrated with a strong risk assessment engine which you can use with strong project risk management requirements. This feature also provides efficient visibility and reporting of the project risks posture by using tools such as aggregated project risk ratings and heatmaps. The integration also ensures that when a project risk threatens to affect the enterprise, the risk can be easily reported to the enterprise risk team. The enterprise risk team can then define the necessary mitigating actions.

Benefits of the GRC and Project Portfolio Management integration for managers

Using this integration, Project Managers can do the following activities:
  • Identify the risks from a standard risk taxonomy.
  • View the risks for their projects within the Project form.
  • Identify and assess the risks from the Project form itself.
  • Assess the inherent and residual risks.
  • Elevate a project risk to an enterprise risk if the risk impacts the enterprise.
  • Calculate the roll-up risk scores across projects, programs, and portfolios so that the stakeholders can view this information.
  • Monitor the risk posture of a project through risk aggregation.
    Note: Only the project risks that are assessed contribute to the final risk scores.
  • View the heatmap of the risks as well as understand the mitigating actions.
  • View the Project Risk Overview dashboard to get an overall risk posture.
Enterprise Risk Managers also benefit from the integration. They can do the following activities:
  • View the project risks that affect the enterprise and take necessary action.
  • Get an overall view of the enterprise-level risks and their nature at all levels.

Use case for the GRC and Project Portfolio Management integration

To understand the use case for this integration, consider the following scenario. An organization can have multiple projects. Some projects are complex and some are less complex. Risk management of complex projects may be aligned to ISO 31000 risk assessment standards. Complex projects require various activities such as risk identification, assessment, response, and monitoring. Less complex or simpler projects might require only simple assessments. The integration between Project Portfolio Management and Advanced Risk Assessment supports the risk assessment of project risks.

You can refer to the workflow to understand the use of this integration: Workflow of project risk assessment

3 REPLIES

Usama
Tera Contributor

Hi @Sandeep ,

This is very helpful. Thank you very much for the detailed reply.

 

Just to further clarify on a point: since these are Project risks, can we link controls to them?

 

Thanks again,

Usama

Community Alums
Not applicable

This would be for Risk management using Advanced Risk, where you assess inherent and residual risk mostly, which means control should be used. Just open the Project risk record and check for the control.