A risk identification questionnaire can be beneficial in discovering risks based on the answers submitted in periodic assessments, but it is also possible to add ad hoc risks identified through other means. When you discover a potential risk in the domain, you can add the risk to an assessment by using the Identify New Risks wizard.
To add one or more risks to an assessment:
Display the details of an assessment. You can either:
- Go to Assessments > Assessments, select the desired assessment, and click Details.
- Go to Assessments > Programs, select the program containing the desired assessment, select the assessment, and click Details.
From within the Risk Management tab, click Identify New Risks. The Risk Identification wizard appears, showing the Risk Identification wizard page.
In the Risk Identification page, select risks by browsing, searching, or creating a new risk. To search, enter the risk name or permanent ID and click the search icon. To create a new risk, click New Risk. To browse, select a risk from the tree of Available Risks and then click the right arrow to add it to the Selected Risks list.
Click Next to continue.
The Select Targets page is displayed. The Targets section will list all the entities associated with programs. Select entities as targets to map a risk in the assessment.
Click Next to continue.The Map Targets page is displayed. Risks can be mapped onto multiple targets and targets can have multiple risks. To map a risk to a target, select one or more risks and targets and click Map.
Click Next to continue.The Review and Confirm wizard page is displayed. Click Finish to add the selected risks to the assessment.
Any subcontrols that are mapped to the newly added risk appear on the Risk Management tab of Assessment Details page.
