Adding and validating a risk

Once you have set up the Risk Manager solution, you are ready to add and manage your organization's risks. Your organization will have a wide variety of risks based on factors like industry, domain, and location.Regardless of the type of risk, the workflow remains the same. Each risk needs to be identified, associated to related entities, and assessed. Then, your organization can decide the best methods to prioritize and mitigate those risks.

Add a risk to the Risk Manager

In the Risk Manager, you can keep track of your risks and record key pieces of information about each one.

Example

Scenario

You are a Risk Manager tasked with creating a new security and compliance program for your organization. You have a lot of risks to address, but you decide to start with one of the most important risks in your risk management process — a Virus Threat.

Process

Help topicWorking with risks

You open the Risk Manager app and add the risk: Virus Threat.

Result

The Risk Manager app saves your risk (Virus Threat) and automatically assigns it the Draft status.

Identify and validate the risk

After creating a draft of your risk, you can add additional information and advance the risk through the Risk Manager workflow. You can enter pieces of critical information about the risk and move it to Identification and then Analysis status.

Example

Scenario

Now that you have added your risk (Virus Threat), you want to identify and validate the risk so you can enter further information about it and start assessing it.

Process

Help topicWorking with risks

You move your risk through the Identification and then Analysis status.

Result

Your risk has all the required information and is an identified and validated risk in your organization.

What's next?

After you have added and validated the risks, you can start adding controls for those risks. For more information, see Adding and managing controls.