Create a risk statement
Risk managers create risk statements to group risks into manageable categories.
Before you begin
Role required: sn_risk.manager
Procedure
- Navigate to All > Risk > Risk Library > Risk Statements.
- Click New.
- On the form, fill in the fields.

Note: When any of the following statement fields changes: Name, Description, Reference, Category, Type, Classification, and Attestation, all the associated controls and risks are updated, and their state is set back to Draft.

Table 1. Risk Statement form

| Field | Description |
| --- | --- |
| Name | Name of the risk statement. |
| Parent | Parent risk statement. |
| Framework | Framework this risk statement is associated with. |
| Category | Choose a category: Legal, Financial, Operational, Reputational, Legal/Regulatory, Credit, Market, IT. |
| Assessment | Risk assessment template to be assigned to this risk statement. An assessment template is a questionnaire that is used for assessing a risk. |
| Description | Description of the risk statement. |
| Additional information | Additional information for this risk statement. |

Note: Accurate default scoring selections are important for normalizing risk across the organization.

- To fill in the fields for the risk appetite section, see Define the risk appetite for a risk statement.
- Click the Default Scores related list and fill in the fields on the form, as appropriate.

Table 2. Default Scores form

| Field | Description |
| --- | --- |
| Inherent SLE | Impact that the event has on the organization if there are no controls to check the event. |
| Residual SLE | Impact that the event has on the organization if there are controls to check the event. |
| Inherent ARO | Likelihood of the event occurring if there are no controls to check the event. |
| Residual ARO | Likelihood of the event occurring if there are controls to check the event. |

- Click the Risk Rollup and Tolerance related list and, on the form, fill in the fields.

Table 3. Risk Rollup and Tolerance form

| Field | Description |
| --- | --- |
| Expected ALE | Annual Loss of Expectancy (ALE) refers to the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). Expected ALE is the expected value of the ALE for the risk statement. Enter currency and amount for the expected ALE. Note: This value must be less than or equal to the Maximum acceptable ALE. |
| Sum of calculated ALE | This calculation is based on the sum of calculated ALE of all the underlying risks of the risk statement and its child risk statements. |
| Maximum calculated ALE | This calculation is based on the maximum of calculated ALE of all the underlying risks of the risk statement and its child risk statements. |
| Maximum acceptable ALE | Threshold value for the ALE for the risk statement. Note: This value must be greater than or equal to the Expected ALE. This value has an impact on the Tolerance status field. |
| Average calculated ALE | This calculation is based on the average of calculated ALE of all the underlying risks of the risk statement and its child risk statements. |
| Minimum calculated ALE | This calculation is based on the minimum of calculated ALE of all the underlying risks of the risk statement and its child risk statements. |
| Calculated Score | The corresponding score for the calculated ALE: Low, Med, High. |

- Click the Basel Categorization related list and select the Basel Categories Hierarchy.
The Basel categories are as follows:
- Internal Fraud: misappropriation of assets, tax evasion, intentional mismarking of positions, bribery.
- External Fraud: theft of information, hacking damage, third-party theft and forgery.
- Employment Practices and Workplace Safety: discrimination, workers compensation, employee health and safety.
- Clients, Products, and Business Practice: market manipulation, antitrust, improper trade, product defects, breaches, account churning.
- Damage to Physical Assets: natural disasters, terrorism, vandalism.
- Business Disruption and Systems Failures: utility disruptions, software failures, hardware failures.
- Execution, Delivery, and Process Management: data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets.
- Click Submit.
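
The rollup fields in the Risk Rollup and Tolerance form can be checked by hand with a short script. The following is an added illustration, not ServiceNow code: the `Risk` and `RiskStatement` classes and the sample values are hypothetical, and because the page does not say whether inherent or residual values feed the calculated ALE, each risk carries a single ARO/SLE pair.

```python
from dataclasses import dataclass, field
from statistics import mean


@dataclass
class Risk:
    name: str
    sle: float  # single loss expectancy (currency amount per event)
    aro: float  # annual rate of occurrence (events per year)

    @property
    def ale(self) -> float:
        return self.aro * self.sle  # ALE = ARO x SLE, per Table 3


@dataclass
class RiskStatement:
    name: str
    expected_ale: float
    max_acceptable_ale: float
    risks: list = field(default_factory=list)
    children: list = field(default_factory=list)

    def __post_init__(self):
        # Form constraint from Table 3: Expected ALE <= Maximum acceptable ALE.
        if self.expected_ale > self.max_acceptable_ale:
            raise ValueError(f"{self.name}: Expected ALE exceeds Maximum acceptable ALE")

    def all_ales(self) -> list:
        # ALE of every risk under this statement and, recursively, its children.
        ales = [r.ale for r in self.risks]
        for child in self.children:
            ales.extend(child.all_ales())
        return ales

    def rollup(self) -> dict:
        ales = self.all_ales()
        if not ales:  # no underlying risks yet: nothing to aggregate
            return {"sum": 0.0, "max": 0.0, "avg": 0.0, "min": 0.0}
        return {"sum": sum(ales), "max": max(ales), "avg": mean(ales), "min": min(ales)}


# Constructed sample data (not taken from any real risk register).
child = RiskStatement("Data centre outage", 50_000, 90_000, risks=[
    Risk("Power loss", sle=30_000, aro=2.0),          # ALE 60,000
    Risk("Cooling failure", sle=80_000, aro=0.25)])   # ALE 20,000
parent = RiskStatement("IT service disruption", 150_000, 200_000,
                       risks=[Risk("Ransomware", sle=200_000, aro=0.5)],  # ALE 100,000
                       children=[child])
print(parent.rollup())
```

The parent's figures include the child statement's risks, which is why a change to one underlying risk can move the rollup values of every statement above it.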