Adding and validating a risk
Once you have set up the Risk Manager solution, you are ready to add and manage your organization's risks. Your organization will have a wide variety of risks based on factors like industry, domain, and location.Regardless of the type of risk, the workflow remains the same. Each risk needs to be identified, associated to related entities, and assessed. Then, your organization can decide the best methods to prioritize and mitigate those risks.
Add a risk to the Risk Manager
In the Risk Manager, you can keep track of your risks and record key pieces of information about each one.
Example
Scenario
You are a Risk Manager tasked with creating a new security and compliance program for your organization. You have a lot of risks to address, but you decide to start with one of the most important risks in your risk management process — a Virus Threat.
Process
Help topicWorking with risks
You open the Risk Manager app and add the risk: Virus Threat.
Result
The Risk Manager app saves your risk (Virus Threat) and automatically assigns it the Draft status.
Identify and validate the risk
After creating a draft of your risk, you can add additional information and advance the risk through the Risk Manager workflow. You can enter pieces of critical information about the risk and move it to Identification and then Analysis status.
Example
Scenario
Now that you have added your risk (Virus Threat), you want to identify and validate the risk so you can enter further information about it and start assessing it.
Process
Help topicWorking with risks
You move your risk through the Identification and then Analysis status.
Result
Your risk has all the required information and is an identified and validated risk in your organization.
What's next?
After you have added and validated the risks, you can start adding controls for those risks. For more information, see Adding and managing controls.