The Risk details emphasizes to work on different aspects of a risk within a single user interface.
You can view the details of a risk in the following menu locations of the Enterprise Risk Manager application:
- Risk Register page on the Home menu.
- Risk Register tab on the Program details page.
- Risk Management tab on the Assessment Details page of assessment.
Clicking the risk title displays the risk details with the following sections:
- Summary. This section provides an overview of the risk, and includes information, such as the category of the risk, the risk ID, the owner, and a description of the risk. Also, lets you know if the risk is applicable or not.
- Risk Assessment Questionnaires. This section displays the risk assessment questionnaire. You can view the current stage stakeholder to whom the questionnaire has been assigned and also helps you perform the relevant actions on the questionnaire, such as answering or delegating the questionnaire.
- Comments. This section allows the entering of comments. Clicking Add a comment enables entering of text, and clicking Save preserves the comment.
- Inherent Risk Analysis. This section allows to rate the inherent impact and inherent likelihood of risk. Clicking Edit followed by Save accepts the change of ratings. For more information, see Inherent Risk Analysis.
- Mapped Controls. This section displays the controls mapped to the risk. Clicking New Control Mapping allows you to add more controls. Existing controls can be marked as 'applicable' or 'not applicable' using the Mark as applicable or Mark as not applicable options.
- Residual Risk Analysis. This section allows to rate the residual impact and residual likelihood of risk. Clicking Edit followed by Save accepts the change of ratings. For more information, see Residual Risk Analysis.
- Risk Responses. This section displays responses that have been created to remediate the risk. Clicking New creates a new response and clicking Delete deletes the response.
- Risk Auto-Identification. This section indicates whether the risk is identified automatically through a failed control in the Compliance Manager program or Vendor Risk Manager program. When the risk is identified automatically, the grid in the section lists the failed control.
To learn about the action options available in the Actions drop-down list of Risk Details page, see Understanding Risk Actions.