- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-13-2025 06:52 AM
Hello! I cannot find it anywhere. But maybe someone can explain why unlike Risks, Risk Statement has no option to Retire (but can be deleted)?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-13-2025 07:42 AM - edited ‎03-13-2025 07:45 AM
Hi @Momiji
Yes risk statements can't be retired but can be made inactive and it doesn't has any lifecycle like risks.
Risk statement is nothing but a description of a potential risks gathered from the different sources.
For example if the organisation is handling very sensitive information like customer credit card details then there could be a risk of data leakage because of various reasons. So those reasons will be considered as a risk statement and mapped with the corresponding entities like business units.
On the other hand, risk is nothing but an instance of the risk statement. If any entity qualifies, risk record will be created for that entity and processed to mitigate/accept the risk.
After sometime if the organisation decides not to hold/process customer credit card details then that risk statement becomes invalid, so it can be deactivated.
It's very basic explanation I can provide based on my experience.
Hope this helps.
Regards,
Siva
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-13-2025 07:42 AM - edited ‎03-13-2025 07:45 AM
Hi @Momiji
Yes risk statements can't be retired but can be made inactive and it doesn't has any lifecycle like risks.
Risk statement is nothing but a description of a potential risks gathered from the different sources.
For example if the organisation is handling very sensitive information like customer credit card details then there could be a risk of data leakage because of various reasons. So those reasons will be considered as a risk statement and mapped with the corresponding entities like business units.
On the other hand, risk is nothing but an instance of the risk statement. If any entity qualifies, risk record will be created for that entity and processed to mitigate/accept the risk.
After sometime if the organisation decides not to hold/process customer credit card details then that risk statement becomes invalid, so it can be deactivated.
It's very basic explanation I can provide based on my experience.
Hope this helps.
Regards,
Siva
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-13-2025 11:45 AM
Thanks for this explanation @J Siva!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-14-2025 04:52 AM
Hello again @J Siva. You mentioned that risk statements can be made inactive. How to do this btw?
There's a security constraint in our case for the 'Active' field and we found that there's a dictionary override (read only is checked).
Maybe you know what's the best practice?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-14-2025 07:44 AM
Hi @Momiji
Yes, it's read-only field. But you can modify that.
That's how we're using in my previous project. Making that field editable does not have any negative impact.
Only thing to consider is that field should be editable only by the risk admins, so that we can ignore the unauthorised updates.
One other way is deactivating the framework. If you do so all the related risk statements, risks and other records will be deactivated/retired.
Hope this helps.
Regards,
Siva
