Risk Statements vs. Individual Risks

Carlos58
Tera Contributor

‎03-08-2022 01:40 PM

Apologies for asking so many questions, but we just recently implemented IRM.  We are debating on the advantages or not of using Risk Statements vs. creating individual risks without inherit any information from the Risk Statements. We are wondering what approach have other organizations taken. Do you create Risks using Risk Statements or not? and why?

Thanks for your feedback,

Carlos

0 Helpfuls
  • 2,288 Views
8 REPLIES 8

Carlos58
Tera Contributor
In response to Sebastien Fix

‎03-10-2022 11:19 AM

Sebastien,

Thanks very much for your answer. It definitely helps me understand how Risk Statements work.

 

0 Helpfuls

Phil Swann
Tera Guru
Tera Guru
In response to Sebastien Fix

‎03-10-2022 12:22 PM

there is also now the ability to have multiple risks for the same statement and entity! 

 

 

0 Helpfuls

Phil Swann
Tera Guru
Tera Guru

‎03-10-2022 12:25 PM

scoping using entity type mapping to risk statement (top-down), may not always be the right thing 

 

organisations moving in the right direction should start to leverage the information objects, via business application/CSDM, and then map into citations, policies and risk statements... this will feed the risk identification workflow... 

 

furthermore, scoping via risk ID & advanced risk assessment provides a more focused approach 

 

but certainly.... use risk statements , and if you are not going to use risk statements to start with - make sure you have a plan for adopting them later, and avoiding the pollution you will create

Carlos58
Tera Contributor
In response to Phil Swann

‎03-11-2022 06:05 AM

Thanks Phil, appreciate your comments. Looks like going via Risk Statements is the best way to go.

0 Helpfuls