Creating risk relationships

In modern risk management, risks do not operate in isolation. Each risk may be influenced by, or have an impact on, various organizational components, such as assets, processes, departments, controls, or assessments. Establishing these risk relationships in Risk Manager improves context, strengthens reporting, and supports more accurate impact analysis and scoring.

Linking risks to other entities in your organization:

  • Enables impact mapping across assets, processes, and departments.

  • Enhances the accuracy of risk assessments and scores.

  • Helps identify dependencies and control gaps.

  • Improves reporting clarity and audit readiness.

  • Supports alignment with enterprise risk management frameworks.

Link the risk to entities

Use Risk Manager to create a relationship between risks and various entities.

Example

Scenario

After you've identified and validated a risk, you can link the risk to different entities such as risk assessment, assets, and controls, to create a relationship between the risk and the entities. For example, you’ve identified and validated a high-priority operational risk: Supply Chain Disruption. To manage it effectively, you want to link it to:

  • Affected assets (for example, key raw materials, ERP systems)

  • Business processes (for example, procurement, order fulfillment)

  • Mitigating controls (for example, dual sourcing strategy)

  • Ongoing assessments (for example, third-party supplier risk assessments)

Process

Open the risk, select relevant relationship types, add entities you want to link, and save the risk record.

For detailed steps, see Working with risks

Result

The risk is now linked to related entities, and the system reflects these relationships for use in reporting, assessment, and mitigation planning.

What's next?

Once your risks are linked to other entities, you can start conducting assessments and calculating risk scores. To continue, see Assessing risks and calculating risk scores.