Manage risks linked to the same risk statement
Summarize
Summary of Manage Risks Linked to the Same Risk Statement
The latest release allows users to create and associate multiple risks with the same risk statement and entity combination, addressing the needs of customers without a standardized risk taxonomy. Previously, only one risk could be linked per entity and risk statement, limiting flexibility for organizations with varying risk structures.
Show less
Key Features
- Multiple Risk Associations: Users can now associate multiple risks to a single risk statement and entity, enhancing the ability to manage risks effectively.
- Inherit from Risk Statement Option: This new feature allows users to select whether to maintain the previous single instance approach or enable multiple associations. If not selected, it permits a categorization hierarchy for risks.
- Customization of Risk Taxonomy: Risk managers can define risk taxonomy tailored to their organization's needs, facilitating better risk identification and management.
- Prevention of Orphan Risks: The feature helps prevent orphan risks by ensuring that all identified risks are linked to an entity and managed appropriately.
Key Outcomes
This enhancement empowers organizations to better align their risk management processes with their operational structures. By enabling multiple risk associations, customers can effectively aggregate new risks into their enterprise risk hierarchy, resulting in improved risk visibility and management across business units.
You can create and associate multiple risks to the same risk statement and entity combination. This association benefits the risk managers and the entity owners.
Before the latest release, users could only associate one risk for a single entity and risk statement combination. This ability was useful for customers who have a mature risk program with a well-defined and standardized risk taxonomy. However, it did not meet the requirements of customers who do not have a standardized risk taxonomy. Such customers usually have only two or three levels of risk statement hierarchy while their actual risks are still local for each business unit or lines of business. Also, when the first line identifies new risks, they associate those risks to an enterprise risk hierarchy. This allows the new risk scores to aggregate and impact the overall risk hierarchy. With the current release, a new option called Inherit from risk statement is introduced on the Risk form. If this option is selected, the risk creation happens in the previous manner. This means that there can be only one instance of risk statement and entity combination. However, if this option is not selected, the system allows the risk statement hierarchy to be used as categorization and sub-categorization hierarchy and associates multiple risks to the same risk statement and entity combination. This option also enables the first line to associate their newly identified risks to the risk hierarchy at a level they want to. When this new option is not selected, the system assumes that the name and description of the risk is overridden and must not be the same as the risk statement name and description.
This feature benefits the risk manager as it allows the risk managers to define the risk taxonomy according to the needs of their organization. It also benefits the entity owners to identify risks for their entity and link them to enterprise risk taxonomy.