You can create a new risk if your user role has Risk View and Risk Author permissions.
To create a new risk:
- In the RiskVision Application application, go to Content > Risks.
- Use the tree on the left to find Risks & Threats and under that, the risk category or ISO domain for the new risk. In the right-hand panel, click the Risks tab and then click New.
- Enter the following parameters and click Save (on the top bar):
- Title: The risk's title, such as "Computer crime", or "Incomplete background checks".
- Permanent ID: A unique identifier, such as "BR0031".
- Description: A general description of the risk which can include styled text.
- ISO Reference: Choose from one of the available options or define a new entry.
- Enabled for Assessment: Choose Yes or No.
- Categories: Select one or more categories from the category tree.
Risk categories can be created or deleted using the New Category, New Sub Category, and Delete Category actions in the drop-down list associated with the Risk Configuration tree. The availability of these actions depends on the currently selected node in the Risk Configuration tree.
Despite the possibility of importing a risk with the Enabled For Assessmentoption set to 'No,' the risk will be applicable in risk assessment. When risks are imported using this setting, you must delete the risk or mark the risk as not applicable to drop them from assessments. For information about how to delete a risk or mark a risk as not applicable, see Understanding Risk Actions.