Control Risk Assessment using Advanced Risk Assessment
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2022 10:24 AM
Hello
I would like to know how to perform Control Risk Assessment using Advanced Risk Assessment.
Thanks
- Labels:
-
Compliance Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2022 12:20 PM
Hello
How to perform the Control Risk Assessment using the Advanced Risk Assessment requires the proper set up. The first link below talks understanding the risk assessment instance first:
Understanding Risk Assessment Instance
Then this link talks about how to configure the control assessment in the system:
Once these two set ups are complete, the control assessment is part of the residual risk evaluation. The control must be related in the assessment and then they can be evaluated to calculate a residual risk with the details of the control effectiveness.
If you are looking to only perform a control effectiveness review, then we have something called CAM - Continuous Authorization Monitoring which allows a user to perform a control effectiveness evaluation without the Advanced Risk Assessment application.
RMF Evaluate Control Effectiveness
I hope these links will help in your search, however we also have great training resources in NOW Learning that can walk you through performing and Advanced Risk Assessment.
Please let me know if these resources do not help you, there might be additional ones that are more specific to your question if you provide additional details.
Have a great day
John Quintanilla
Principal Business Process Consultant - GRC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2022 12:49 PM
Thank you for the prompt reply. This is certainly helpful. My use case is to perform a RCSA on the external obligations/internal policies and come up with risk of non compliance of controls.
Can i use Advanced Risk Assessment for this use case?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2022 01:13 PM
Absolutely you can and in order to do this I would suggest reviewing the following document: Advanced Risk Assessment
Then follow the information on this document: Integrate ARA with Risks and Controls. Here is where the RCSA is going to come into play because depending on how you set up your Entity and relate the risks and controls will depend on the output of the risk assessment.
Have a great day
John Quintanilla - Principal Business Process Consultant - GRC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2022 02:44 PM
Thanks
So i have created RAM with entity class as Business Process, then i proceed to set up Risk Assessment Scope, here i can only select an individual entity from the entity class.
1. What if i have to apply the RAM to all the entities of the Entity Class? Do i have to create a Risk assessment scope for each and every entity of the entity class? I guess i am missing the relationship between the Entity class and applying the RAM to all the entities of the class.