Hi All,
We are implementing Phase 2 of our GRC setup and have a question around risk assessment methodologies for existing entities.
In Phase 1, we configured a Risk Assessment Methodology (RAM) and it was applied across all entities.
Now in Phase 2, we have introduced a new RAM, and the client wants this new methodology to be applicable to all existing entities, similar to how it worked in Phase 1.
What I have done so far, Moved the old RAM to Draft state and Updated the Primary Risk Assessment Methodology to the new RAM on the entity class.
However, this does not seem sufficient. I can still see existing Risk Assessment Scopes that are linked to the older RAM.
My questions:
What is the recommended approach to apply a new RAM to existing entities?
Is there an out-of-the-box way to update existing Risk Assessment Scopes, or is a script/fix script required?
If scripting is required, are there any best practices or risks to be aware of
Any guidance or experience on handling RAM changes for existing data would be greatly appreciated.
Thanks in advance!
