Manage risks linked to the same risk statement
Summarize
Summary of Manage risks linked to the same risk statement
The latest release enables users to create and associate multiple risks to the same risk statement and entity combination, enhancing risk management for organizations with diverse risk profiles. This update addresses the needs of customers without a standardized risk taxonomy, allowing for more flexible risk identification and categorization.
Show less
Key Features
- Multiple Risk Associations: Users can now link multiple risks to a single risk statement and entity, expanding the previous limitation of one association.
- Inherit from Risk Statement Option: Users can select this option to revert to the previous method, allowing only one risk per statement and entity combination.
- Risk Hierarchy Flexibility: When not using the inherit option, the system allows for a robust categorization of risks, enabling the first line to associate newly identified risks to the desired level of the risk hierarchy.
- Customization of Risk Taxonomy: Risk managers can define the taxonomy based on organizational needs, ensuring relevance and applicability.
Key Outcomes
This feature allows organizations to prevent orphan risks by ensuring all identified risks are linked to relevant risk statements, promoting accountability and comprehensive risk management. As a result, organizations can better understand and manage risks across different business units, leading to improved oversight and reduced risk exposure.
You can create and associate multiple risks to the same risk statement and entity combination. This association benefits the risk managers and the entity owners.
Before the latest release, users could only associate one risk for a single entity and risk statement combination. This ability was useful for customers who have a mature risk program with a well-defined and standardized risk taxonomy. However, it did not meet the requirements of customers who do not have a standardized risk taxonomy. Such customers usually have only two or three levels of risk statement hierarchy while their actual risks are still local for each business unit or lines of business. Also, when the first line identifies new risks, they associate those risks to an enterprise risk hierarchy. This allows the new risk scores to aggregate and impact the overall risk hierarchy. With the current release, a new option called Inherit from risk statement is introduced on the Risk form. If this option is selected, the risk creation happens in the previous manner. This means that there can be only one instance of risk statement and entity combination. However, if this option is not selected, the system allows the risk statement hierarchy to be used as categorization and sub-categorization hierarchy and associates multiple risks to the same risk statement and entity combination. This option also enables the first line to associate their newly identified risks to the risk hierarchy at a level they want to. When this new option is not selected, the system assumes that the name and description of the risk is overridden and must not be the same as the risk statement name and description.
This feature benefits the risk manager as it allows the risk managers to define the risk taxonomy according to the needs of their organization. It also benefits the entity owners to identify risks for their entity and link them to enterprise risk taxonomy.