Adding and managing IT risks and controls in the Risk Manager

After creating the assets in the Asset Manager, you can add your IT risks and controls in the Risk Manager and associate them with your organization's IT assets. Then, you can assess the risks and make risk mitigation plans based on the risk assessments.

This article builds on the examples illustrated in Adding and managing IT assets in the Asset Manager.

This solution requires a subscription to IT Risk Management (previously ITRMBond).

Create risks in the Risk Manager app

In the Risk Manager app, you can add as many risks as you want that are relevant to your IT assets.

Example

Scenario

Now that your laptop asset is created, you're ready to create risks that are relevant to your IT asset.

Process

Help topic Working with risks

You open the Risk Manager app and add a risk called Virus Threat.

Result

You have successfully created a risk for your laptop asset. You can add additional risks if required.

Create controls in the Risk Manager app

In the Risk Manager app, you can add as many controls as you want that are relevant to your IT risks.

Example

Scenario

Now that your IT asset and risk are created, you're ready to create controls.

Process

Help topic Working with controls

You open the Risk Manager app and add a control called Anti-virus Software.

Result

You have successfully created a control for your laptop asset. You can add additional controls if required.

Create relationships in the Risk Manager app

Now that you have created the IT assets, risks, and controls, you can link these to each other to create a relationship between these entities.

Example

Scenario

Now that your IT asset, risk, and control are created, you're ready to link them to each other.

Process

Help topic Create risk relationship

You open the Risk Manager app and link your risk to the IT asset and the control.

Result

You have successfully linked your risk to the IT asset and control. You can add additional relationships if required.

Assess your IT risks

After creating your risks and associating them with the controls and the IT assets, you can begin assessing your risks.

Example

Scenario

Now that your IT asset, risk, and control are created and associated, you're ready to assess your risks.

Process

Help topic Assess your risks

You open the Risk Manager app and assess your risk.

Result

You have successfully assessed your risk.

Assessments are generated based on the relationships of your risk.

For more information about assessments, see How are assessments generated?

Calculate the risk scores

After triggering assessments, you are now ready to calculate the risk scores. You can calculate the inherent risk score in both risk and risk event assessment records.

Example

Scenario

To calculate the inherent risk score, you will need to know the Impact and Likelihood of a risk. You can refer to the table below.

Inherent risk score by Likelihood (rows) and Impact (columns):

Likelihood    Impact: High    Impact: Medium    Impact: Low
High          High            High              Medium
Medium        High            Medium            Low
Low           Medium          Low               Low

Process

Help topic Calculating risk scores

You open the risk assessment record, fill in the Impact and Likelihood fields, and trigger risk scores.

Result

The inherent risk score is successfully calculated.

Assess your controls

After assessing your IT risks, you can begin assessing your controls.

Example

Scenario

Your IT risk has been assessed, and a control assessment has been generated. You now want to assess the control.

Process

Help topic Assessing a control

You open the control assessment record and calculate the residual risk score.

Result

You have successfully completed the control assessment.

What's next?

You can use Workflow robots to import assets, risks, and controls data into Results. There, you can see your project data in one place, so you can more quickly identify outstanding action items. For more information, see Importing and viewing IT risk data in Results.