Risk Statements vs. Individual Risks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2022 01:40 PM
Apologies for asking so many questions, but we just recently implemented IRM. We are debating on the advantages or not of using Risk Statements vs. creating individual risks without inherit any information from the Risk Statements. We are wondering what approach have other organizations taken. Do you create Risks using Risk Statements or not? and why?
Thanks for your feedback,
Carlos
- Labels:
-
Integrated Risk Management (IRM)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2022 11:19 AM
Sebastien,
Thanks very much for your answer. It definitely helps me understand how Risk Statements work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2022 12:22 PM
there is also now the ability to have multiple risks for the same statement and entity!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2022 12:25 PM
scoping using entity type mapping to risk statement (top-down), may not always be the right thing
organisations moving in the right direction should start to leverage the information objects, via business application/CSDM, and then map into citations, policies and risk statements... this will feed the risk identification workflow...
furthermore, scoping via risk ID & advanced risk assessment provides a more focused approach
but certainly.... use risk statements , and if you are not going to use risk statements to start with - make sure you have a plan for adopting them later, and avoiding the pollution you will create
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2022 06:05 AM
Thanks Phil, appreciate your comments. Looks like going via Risk Statements is the best way to go.