The assessment of business risk requires access to the right data to establish both the level of risk that exists and the information the business needs to remedy the situation. Assessments are surveys that gather evidence to determine risk.
In simple form, GRC assessments verify answers and provide access to key data:
- Is this control implemented?
- Attach evidence
- Explain
If your policies are not well defined and your processes are manual, your analysts will spend more time on the first two bullets than on the more important activities of explanation and remediation. In these scenarios organizations are pressured to deliver quickly, and when things don't scale well the business faces additional risks.
Here are two methods to calculate the risk of a change.
The first method is the Best Practice - Change Risk Calculator, which is activated in the base system by default. The Change Risk Calculator uses predefined properties and conditions to calculate a risk value.
The second method, Change Management - Risk Assessment, is optional. Risk Assessment uses the information provided by the end user to assess a risk value.
The two methods can be used individually or together, depending on your requirements. If the methods are used together, the highest risk value from both methods is always selected.
Risk Assessment and Calculation
If both Risk Assessment and Risk Calculator are active but you want to use only one method, remove conditions for the method you do not want to use.
If you activate Change Management - Risk Assessment, the administrator can add the Task Assessment > Task related list to the change request form, if necessary. The related list displays risk assessments associated with the change request.
Risk Calculator property
The Best Practice - Change Risk Calculator plugin enables dynamic calculations of the risk and impact of a change. The administrator specifies how and when risk and impact rules are applied.
Add or modify risk and impact conditions
You can define the risk calculation rules used to calculate the risk and impact of a change. Best Practice - Change Risk Calculator is activated by default in the base system.
Define risk assessments
Change Management - Risk Assessment provides a flexible way to capture information from the end user to calculate the risk of the associated change request. You can define the risk assessment questions, thresholds, and conditions that calculate risk for any change request.