Creating risks in GRC

dev_K · ‎04-29-2024

Hello,

I am following the GRC training and I find the explanation regarding risk creation quite unclear.

How the risks are created? What does it mean we can create risk automatically when we associate entity type with risk statement (but how those risks are linked to the statement? who creates them so later they can be linked to entities).

I imagine there is a person with a role that can look into eg. policy and see what are the potential risks if the company doesn't comply with requirements?

thanks!

Prasanna_Patil · ‎04-30-2024

@dev_K Yes these are OOB Risk, yes even you can customize the risk and tag them to the risk statement

Please hit like and Mark Helpful if you liked it
Regards,
Prasanna

View solution in original post

Mehernosh Amrol · ‎04-29-2024

Risks are created from the Risk Statements. This process is similar to the Control Objective and Control creation process.

Once you have created all your Risk Statements, you can associate them with Entity Types. All the Entities in the Entity Type will then get a Risk associated with them.

It is best explained in this Scoping Video.

Prasanna_Patil · ‎04-29-2024

Hi @dev_K let's assume that you have an entity type "Department" which contains 3 entities(IT,HR,Finance).

Now, lets create a risk statement and tag this entity type "department" to it. If "create automatic risk" check box is ticked then on this risk statement automatically 3 risks(HR,IT,Finance) will be created

Please hit like and Mark Helpful if you liked it
Regards,
Prasanna

dev_K · ‎04-30-2024

So it means that these are OOB risks? Can we create custom risks and link them to risk statements?

Prasanna_Patil · ‎04-30-2024

@dev_K Yes these are OOB Risk, yes even you can customize the risk and tag them to the risk statement

Please hit like and Mark Helpful if you liked it
Regards,
Prasanna