| Name |
Name of the configuration. An example is Risk Identification for Business Application. |
| Configuration level |
The level where the configuration is done. The choices are as follows: |
| Target entity class |
Entity class for which the risk identification questionnaire is initiated. For each entity of this entity class, a risk identification record is automatically created. This field appears only when
Entity class is selected from Configuration level. |
| Target table |
Table that contains the application record. For each entity of this table, a risk identification record is automatically created. This field appears only when Table is selected from
Configuration level. |
| State |
State of the configuration. This field is automatically set to Draft. |
| Risk manager group |
Group which reviews the risk identification workflow. The users who belong to this group must have the sn_risk.manager and sn_compliance.manager roles. |
| Identification questionnaire |
Option to initiate a questionnaire for gathering information about the application. |
| Inherent assessment |
Option to perform inherent assessment or business impact analysis (BIA) assessment. |
| Recommendation engine |
Option to recommend risks and controls. This option is available only when the Target table field has Business Application. |
| Identification Questionnaire |
| Use smart assessment |
Option enables the use of smart assessment templates. You can select a smart assessment template in the Questionnaire field. For more information on how to create a smart assessment template, see Create a smart assessment template for risk identification. |
| Questionnaire |
Questionnaire used for information gathering.Note: You can see a list of smart assessment templates only when you select the option Use smart assessment. Only published assessment templates with a Risk
Identification category and the Assessment target field selected as Entity are available for selection. |
| Respondent type |
Respondent of the questionnaire. The choices are as follows: |
| Questionnaire review required |
Option to require that the questionnaire is reviewed by a reviewer. |
| Respondent field |
Field on the target table that contains the respondent for the questionnaire. This field appears when the Respondent type field has User on target
record. |
| Inherent Assessment |
| Review for inherent assessment required |
Option to choose if the inherent assessment must be reviewed. |
| Risk assessment methodology |
Option to select the risk assessment methodology (RAM) to perform inherent assessment. You can see the list of RAMs associated with the selected Target table.Note: Only published object-based RAMs with the inherent assessment option enabled are available for selection. |
| Approver type |
Type of approver for the inherent assessment. The choices are as follows:Note: This field appears only when Review for inherent assessment required option is selected. |
| Approver |
Approver for the inherent assessment. For a business application, the approver is the business owner of the application.Note: This field appears only when User on target record is
selected from Approver type. |
| Approver group |
Approver group for inherent assessment. This field appears only when the Approver type field has Group.Note: This field appears only when
Group is selected from Approver type. |
| Recommendation Engine |
| The Recommendation Engine section appears only when the Target table field has Business Application. |
| Recommendation engine algorithm |
Specify the recommendation engine. The choices are as follows:
For details on information objects, see Information objects. |
| Frequency |
| Frequency |
Frequency of the reinitiation of the workflow. Note: The next run date of the reinitiation of the workflow is calculated based on the frequency defined in the risk integration configuration record. This
frequency ensures continuous evaluation of the application. |
| Month |
Month when the job must run. |
| Day of month |
Day of the month when the job must run. |