Create a risk manually

  • Release version: Australia
  • Updated March 12, 2026

Risk administrators can create risk records when they see a potential for a gain or loss of value.

    Before you begin

    Role required: sn_risk.user

    Procedure

    1. Navigate to All > Risk > Risk Register > Create New.
    2. On the form, fill in the fields.
      Table 1. Risk form
      Field | Description
      Number | Unique identification number. This field is automatically populated.
      Inherit from risk statement | Option to create a risk independent of a risk statement.
      Active | Option to indicate if the risk is active.
      Name | Name for the risk. Field is auto-populated if the risk is generated from a risk statement, but can be changed without affecting the relationship between the risk and risk statement.
      Description | Description of the risk and how it is a threat to the organization.
      Risk Statement | Risk statement this risk is associated with.
      Category | Category of risk which applies to the profile.
      • Legal
      • Financial
      • Operational
      • Reputational
      • Legal/Regulatory
      • Credit
      • Market
      • IT
      If the risk is generated from a risk statement, the field is automatically populated.
      Entity | Entity related to the risk.
      Note: Only active entities are shown.
      Sync with entity owner | Option to assign the entity owner as the owner of this risk record. When selected, if the entity owner changes, the risk owner is updated automatically. This option is set to True by default.
      Owning group | Owning group for the risk.
      Risk relevance | Explanation of how this risk applies to you.
      Note: This field only appears when the Inherit from risk statement option is selected.
      Owner | Owner for the risk.
      Note: The owner is always added as a respondent.
    3. Select the Assessment Summary tab.
      This tab is only visible if you have the Advanced Risk plugin activated. The scores of the risk assessment methodology selected as the primary are displayed in the risk scoring section. If the Advanced Risk plugin is not activated, then the following sections for classic risk appear.
    4. To fill in the fields for the risk appetite section, see Define the risk appetite for a risk.
    5. On the form, fill in the fields.
      Table 2. Risk Scoring Form
      Field | Description
      Note: These fields appear for classic risk.
      Assessment | Assessment to attach to this risk.
      Assessment respondents | Users assigned to the assessment of this risk.
      Note: Only a user with the sn_grc.user role can be added as a respondent.
      When both the Assessment and Assessment respondents fields are set, assessments are created when you select Assess.
    6. Select the Scoring tab.
    7. On the form, fill in the fields.
      Table 3. Risk Scoring form
      Field | Description
      Note: These fields appear for classic risk.
      Inherent SLE | Monetary value of a risk if it occurs before any mitigation strategies are in place.
      Residual SLE | Monetary value of a risk if it occurs after all mitigation strategies are in place.
      Inherent ARO | Probability that a risk occurs in any given year before any mitigation strategies are in place.
      Residual ARO | Probability that a risk will occur in any given year after all mitigation strategies are in place.
      Inherent ALE | Annualized loss expectancy (ALE = SLE x ARO) before any mitigation strategies are in place.
      Residual ALE | Annualized loss expectancy (ALE = SLE x ARO) after all mitigation strategies are in place.
      Inherent score | The score of the risk before any mitigation strategies are in place.
      Residual score | The score of the risk after all mitigation strategies are in place.
      Calculated ALE | Annualized loss expectancy based on all calculations.
      Calculated score | The corresponding score for the calculated ALE.
    8. Select the Response tab.
    9. On the form, fill in the fields.
      Table 4. Risk Response form
      Field | Description
      Response |
      • Accept
      • Avoid
      • Mitigate
      • Transfer
      Justification | Enter a reasonable justification for the selected response.
    10. Select the Monitoring tab.
      Table 5. Risk Monitoring form
      Field | Description
      Control compliance percentage | Percentage of compliant controls.
      Control non-compliance percentage | Percentage of non-compliant controls.
      Control failure factor | Sum of failed controls weighting divided by total controls weighting.
      Indicator failure factor | Uses the last result of each associated indicator. Number of last results failed divided by total number of indicators associated.
      Calculated risk factor | This value is calculated from (Indicator failure factor + Control failure factor) / 2.
    11. Select the Activity Journal tab.
    12. Enter additional comments, as necessary.
    13. Select Submit.
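
The Monitoring tab calculations from Table 5, worked through as an added example in plain JavaScript (not ServiceNow code and not part of the original page). The object shapes, property names and sample data are constructed for illustration; returning 0 when a risk has no controls or no indicators is an assumption, and factors are returned as fractions between 0 and 1.

```javascript
// Added example: hypothetical data shapes, not ServiceNow tables or APIs.

// Control failure factor: sum of failed controls' weighting / total weighting.
function controlFailureFactor(controls) {
  let failed = 0;
  let total = 0;
  for (const c of controls) {
    if (!Number.isFinite(c.weighting) || c.weighting < 0) {
      throw new RangeError(`invalid weighting for control "${c.name}"`);
    }
    total += c.weighting;
    if (c.status === 'failed') failed += c.weighting;
  }
  return total === 0 ? 0 : failed / total; // assumption: no weighting -> 0
}

// Indicator failure factor: only the most recent result of each indicator
// counts. An indicator with no results yet adds to the denominator only.
function indicatorFailureFactor(indicators) {
  if (indicators.length === 0) return 0; // assumption: no indicators -> 0
  let failed = 0;
  for (const ind of indicators) {
    // ISO dates sort correctly as strings; results may arrive unordered.
    const last = [...ind.results].sort((a, b) => a.date.localeCompare(b.date)).pop();
    if (last && !last.passed) failed += 1;
  }
  return failed / indicators.length;
}

// Calculated risk factor = (Indicator failure factor + Control failure factor) / 2
function calculatedRiskFactor(controls, indicators) {
  return (indicatorFailureFactor(indicators) + controlFailureFactor(controls)) / 2;
}

// Constructed sample risk: three weighted controls, four indicators.
const sampleControls = [
  { name: 'MFA enforced', weighting: 5, status: 'passed' },
  { name: 'Quarterly access review', weighting: 3, status: 'failed' },
  { name: 'Backup restore test', weighting: 2, status: 'failed' },
];
const sampleIndicators = [
  { name: 'Unpatched critical hosts', results: [{ date: '2026-01-31', passed: false }, { date: '2026-02-28', passed: true }] },
  { name: 'Stale admin accounts', results: [{ date: '2026-02-28', passed: false }, { date: '2026-01-31', passed: true }] },
  { name: 'Failed vendor reviews', results: [{ date: '2026-02-28', passed: true }] },
  { name: 'Newly added indicator', results: [] },
];

console.log(calculatedRiskFactor(sampleControls, sampleIndicators));
```

An earlier failure that was followed by a pass does not raise the indicator failure factor, while a low-weighted failed control still moves the control failure factor in proportion to its weighting.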