IRM: Risk & Risk statement, Control & Control Objectives

Madhulika7
Tera Contributor

What is the difference between [Control and Control objective] and [Risk and Risk statement]?

With an example for each, in the IT Risk department for the banking sector.

Could anyone help me with the above question?
Thank you for the support in advance.


1 ACCEPTED SOLUTION

SANDEEP DUTTA
Tera Patron

Hi @Madhulika7 ,

Consider both control objective and Risk Statement as templates to which you connect your entity types to generate controls and risks for an entity.

A control objective is an objective, direction, or standard that acts as guidance for company interactions and operations. Control objectives can be categorized, classified, and related to policies.

A control is the same as a control objective, which you can apply to an entity where you want to measure compliance.

Technically, the name for both control objective and control would be the same.

Risk Statement: You can create and associate multiple risks with the same risk statement and entity combination. This association benefits the risk managers and the entity owners.

Before the latest release, users could only associate one risk with a single entity and risk statement combination. This ability was useful for customers who have a mature risk program with a well-defined and standardized risk taxonomy. However, it did not meet the requirements of customers who do not have a standardized risk taxonomy. Such customers usually have only two or three levels of risk statement hierarchy, while their actual risks are still local to each business unit or line of business.

Risk is something you are trying to mitigate by applying controls.

So again, technically the name for both Risk Statement and Risk would be the same.

[Screenshot attached: SANDEEPDUTTA_0-1749551970101.png]

Thanks,
Sandeep Dutta

Please mark the answer correct & helpful if I could help you.
