Creating risks in GRC

dev_K
Tera Contributor

Hello,

I am following the GRC training and I find the explanation regarding risk creation quite unclear.

How are the risks created? What does it mean that we can create risks automatically when we associate an entity type with a risk statement? (But how are those risks linked to the statement? Who creates them so that later they can be linked to entities?)

I imagine there is a person with a role that can look into e.g. a policy and see what the potential risks are if the company doesn't comply with requirements?

Thanks!

5 REPLIES

Mehernosh Amrol
Giga Guru

Risks are created from the Risk Statements. This process is similar to the Control Objective and Control creation process.

Once you have created all your Risk Statements, you can associate them with Entity Types. All the Entities in the Entity Type will then get a Risk associated with them.

It is best explained in this Scoping Video

Prasanna_Patil
Tera Guru

Hi @dev_K, let's assume that you have an entity type "Department" which contains 3 entities (IT, HR, Finance).

Now, let's create a risk statement and tag this entity type "Department" to it. If the "create automatic risk" check box is ticked, then 3 risks (HR, IT, Finance) will automatically be created on this risk statement.

Please hit like and Mark Helpful if you liked it
Regards,
Prasanna

So it means that these are OOB risks? Can we create custom risks and link them to risk statements?

@dev_K Yes, these are OOB risks. Yes, you can even customize the risks and tag them to the risk statement.

Please hit like and Mark Helpful if you liked it
Regards,
Prasanna