You can associate entities, entity types, and indicator templates, at any level of the risk statement hierarchy. Creating this association is useful for risk managers while assessing risks.

All organizations maintain a standardized risk taxonomy. This taxonomy is organized into hierarchies and sub-hierarchies that enable the right level reporting of risk to the appropriate stakeholders. Also, depending on the user who is assessing the risks, the level at which the risk may be assessed is different. For example, enterprise risks are assessed at the top level while detailed risk and control assessments are done at the bottom-most level of the risk hierarchy. With the latest release, users can now associate entity types or entities along with indicator templates at any level of risk statement hierarchy. Therefore, if a customer wants to perform a top-down risk assessment, they can do so by mapping the company to the top-level risk statement hierarchy. They can also perform the traditional bottom-up risk assessment by applying the lowest risk statement to the business units or lines of business. The bottom-most or lowest level is also known as the leaf level. This flexibility to associate entities to risk at any level is useful for enterprise risk managers as it helps them perform the top-down risk assessments.

The following figure shows the risk statement form where users can associate entities to create risks.