The Content wizard page on the program wizard allows you to choose either RiskVision Content or your own organization's Controls and Questionnaires, see About Controls and Questionnaires for additional information on content.
Enterprise Risk Management (ERM) select an ERM questionnaire type and IT Risk Management (IT RM) select an IT RM questionnaire type that allows the program owner and stakeholders to select risks that apply to the entities being evaluated.
Resolver provides the following questionnaires for ERM and IT RM programs:
- Content > Questionnaires > Enterprise Risk Assessment > Risk Identification: Allows each stakeholder in the Information Gathering stage to add risks that all stakeholders of the information gather stage evaluate. Note that risks are assigned once the questionnaire is complete.
- Content > Questionnaires > Enterprise Risk Assessment > Risk Assessment: Allows the program owner to select the risks. A blank questionnaire is sent to the stakeholders of the information gathering stage when you launch the assessment. The risks are automatically added to the questionnaire when the program owner selects them. Stakeholders determine the likelihood and impact for each risk.
- Content > Questionnaires > Enterprise Risk Assessment > Application Risk Assessment: Allows all the authorized users to assess the controls, whether it is applied or not to a risk in an assessment.