Risk Statement cannot be Retired

Momiji
Tera Contributor

Hello! I cannot find it anywhere. But maybe someone can explain why, unlike Risks, a Risk Statement has no option to Retire (but can be deleted)?

1 ACCEPTED SOLUTION

J Siva
Tera Sage

Hi @Momiji 

Yes, risk statements can't be retired but can be made inactive, and they don't have any lifecycle like risks.

A risk statement is nothing but a description of potential risks gathered from different sources.

For example, if the organisation is handling very sensitive information like customer credit card details, then there could be a risk of data leakage for various reasons. So those reasons will be considered as a risk statement and mapped with the corresponding entities like business units.

On the other hand, a risk is nothing but an instance of the risk statement. If any entity qualifies, a risk record will be created for that entity and processed to mitigate/accept the risk.

After some time, if the organisation decides not to hold/process customer credit card details, then that risk statement becomes invalid, so it can be deactivated.

It's a very basic explanation I can provide based on my experience.

Hope this helps.

Regards,

Siva


4 REPLIES

Momiji
Tera Contributor

Thanks for this explanation @J Siva!

Momiji
Tera Contributor

Hello again @J Siva. You mentioned that risk statements can be made inactive. How to do this btw?

There's a security constraint in our case for the 'Active' field and we found that there's a dictionary override (read only is checked).

Maybe you know what's the best practice?

J Siva
Tera Sage

Hi @Momiji

Yes, it's a read-only field. But you can modify that.

That's how we used it in my previous project. Making that field editable does not have any negative impact.

The only thing to consider is that the field should be editable only by the risk admins, so that we can ignore the unauthorised updates.

One other way is deactivating the framework. If you do so, all the related risk statements, risks and other records will be deactivated/retired.

Hope this helps.

Regards,

Siva