Target risk assessment in Advanced Risk

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Target risk assessment in Advanced Risk

    The target risk assessment feature in the Advanced Risk application allows organizations to define and monitor their desired future risk levels. It helps you establish the optimum risk posture you aim to achieve after implementing risk response actions, enabling measurement of benefits relative to the cost of mitigation efforts. This assessment type complements inherent, control, and residual risk evaluations by focusing on the future target risk state.

    Show full answer Show less

    Setting Up a Target Risk Assessment

    A risk administrator configures target risk assessments within the Advanced Risk application by enabling the option on the Risk Assessment Methodology (RAM) form. This can be applied to existing published RAMs but cannot be disabled once activated. Target risk assessments apply only to new assessments and cannot be performed on ones already in progress.

    Assessing Target Risks

    Assessors evaluate the future risk state using defined factors, scoring logic, and rating criteria from the RAM form. The system calculates the future risk appetite status to determine alignment with organizational risk appetite. Risk approvers review and approve the target risk rating and appetite status. Target risk assessments can be conducted for both risk-based and object-based assessments; however, future appetite status is not calculated for object-based assessments.

    Reporting and Monitoring

    The heatmap visualization displays the inherent, residual, and target risk profiles, offering a comprehensive view of risk evolution. When risk assessment criteria are shared, you can track risk movement across these states. Additionally, the risk trend feature enables analysis of risk changes over the last five periods to verify if risks are progressing toward the desired target state.

    You can perform a target risk assessment to define your desired future risk level using the Advanced Risk application. The target risk assessment enables you to assess your target risk posture and monitor progress toward its achievement.

    Overview of a target risk assessment

    A target risk assessment is an assessment type to define the desired risk level the organization want to achieve in the future. By evaluating the desired level of likelihood and impact of identified risks, organizations can establish target risk levels for each risk.

    For example, when assessing a risk, organizations consider various aspects such as inherent risk, the effectiveness of controls, and residual risks. However, it's equally important to capture the desired risk level that will be attained after the risk response is implemented. The target risk represents the optimum level of risk that you aim to achieve after your action plan is successfully executed. It enables you to measure the benefits your organization gets in relation to the cost of implementing those actions.

    Setting up a target assessment

    A risk administrator can configure and set up a target risk assessment for your organization in the Advanced Risk application. Risk administrator can enable the option for assessing a target risk on the Risk assessment methodology (RAM) form. For more information, see Configure a target assessment.

    Important:
    You can enable target risk assessment for existing published RAMs. However, after you enabled, it can’t be turned off. Additionally, target risk assessment can only be conducted for new assessments and not for assessments that are already in progress.

    Assessing a target risk

    Assessors can analyze the future state of the risk based on the defined factors, scoring logic, and rating criteria in the RAM form. Assessing the future state of risk is a structured process that shares similarities with inherent, control, and residual assessment types. Based on the target risk profile, the system also computes the future risk appetite status. It enables assessors to analyze if the target risk profile is in line with the risk appetite or not. Risk approvers can review the target risk rating and the future appetite status and approve them. Target risk assessment can be performed for both risk and object-based assessments. However, if it’s object-based, the future appetite status isn’t computed and displayed. For more information, see Perform advanced risk assessment in the Risk Workspace.

    Important:
    If target risk assessment is enabled for a methodology, the risk or object can only be assessed in the next experience.

    Reporting a target risk

    On the heatmap, you can view the target risk profile, which provides a comprehensive understanding of the inherent, residual, and target states of the risk. When the risk assessment criteria are shared, you can analyze the risk movement from inherent state to residual state and then to its target state. By using the risk trend capability, you can assess risk changes over the past five periods to determine if it’s moving in the desired direction. For more information, see Risk heatmap workbench.