Create a risk assessment project
Create a risk assessment project to perform assessments on multiple risks and controls simultaneously using Risk Workspace. You can define the project context, including the assessable entity, Risk assessment methodology (RAM), project name, description, and identify and add stakeholders.
Before you begin
Role required: sn_risk_advanced.project_user or sn_risk_workspace.operational_risk_manager or sn_risk_workspace.IT_risk_manager, or sn_risk_workspace.business_op_risk_manager
Procedure
- Navigate to All > Risk > Risk Workspace.
-
Select the list
icon.
- From the list, navigate to Risk assessment projects and select New.
- Select New.
-
In the Define stage, do the following.
-
In the Context section, fill in the fields.
Table 1. Context Field Description Assessable entity Single or composite entity that needs to be assessed. Risk assessment methodology Risk assessment methodology (RAM) that you use to assess risks within the project. - Select Next.
-
In the Details section, fill in the fields.
Table 2. Details Field Description Name Name of the risk assessment project. The name is automatically generated based on the selected assessable entity, followed by the current month and year, with a separator between them. You can modify the name if necessary. Description Description about the risk assessment project. It helps the assessors to understand the project in detail. - Select Next.
-
In the Stakeholders section, fill in the fields.
Table 3. Stakeholders Field Description Owner Name of the project owner. This field is automatically set to the user who created the project, but you can modify it if needed. Assessor type User or group who is responsible for assessing the project. Choices are as follows: - Users: Option to select users responsible for assessing the project.
- Group: Option to select group of users responsible for assessing the project.
- Entity owner: Option to select the assessable entity owner as assessor.
- Entity stakeholder: Option to select assessor from the assessable entity stakeholders list.
Assessors User who is responsible for assessing the project. This field appears only when Users is selected from Assessor type. Assessor group Group that is responsible for assessing the risk. This field appears only when Group is selected from Assessor type. Assessors from entity Assessors from the assessable entity stakeholders list. This field appears only when Entity stakeholder is selected from Assessor type. Watchlist type Users or group who can view and receive notifications about the project. Choices are as follows: - Users: Option to select users who can view and receive notifications about the project.
- Group: Option to select group of users who can view and receive notifications about the project.
- Entity stakeholder: Option to select watchlist users from the assessable entity stakeholders list.
Watchlist users Users who can view and receive notifications about the project. This field appears only when Users is selected from Watchlist type. Watchlist group Group who can view and receive notifications about the project. This field appears only when Group is selected from Watchlist type. Watchlist users from entity Watchlist users from the assessable entity stakeholders list. This field appears only when Entity stakeholder is selected from Watchlist type. The project moves to the Scope risk stage and you can see a list of risks mapped from the underlying entities.
-
In the Context section, fill in the fields.
-
To add risks in the Scope risk stage, you can do the following:
- Optional: To create risks from the risk statement, select Create from risk statements.
- Optional: To add a risk that is not in the library, select Create ad-hoc risk.
- Optional: To remove risks from the assessment without deleting them from the underlying entities, select the risks, and select Remove.
- Optional: To add any risks that have been removed, select Add risk.
-
Select Next.
The project moves to the Assess stage, and a notification goes to the assessor.