Risk Management using the Risk Manager app
A recommended approach to manage your organization's risks and controls, using the Diligent One Platform.
Risk Management overview
A risk management program helps you to manage risks and controls in your organization more efficiently. You can categorize risks and controls based on the structure and needs of your organization, relate risks and controls to your organization's assets, trigger assessments, and calculate risk scores.
Note
The Risk Manager app is not the only way to manage risks and controls. You can do this in the Projects app also. If you are using risks and controls in the Projects app for your audits, then continue doing so. The Risk Manager app is most applicable when you are managing IT or third-party risks.
People involved in risk management
People involved in a risk management program can include:
- Risk Manager
- Risk Owner
- Risk Assessor
How it works
The risk management process follows this general flow.
- Risk identification: In this step, you identify threats to your organization. These are risks that may affect the day-to-day functioning of your organization. The risks can be identified with a flexible set of attributes based on your company's objectives, goals, and strategies.
- Risk relationship and hierarchy: In this step, you assess the vulnerability of critical assets, processes, or an entire organization to specific threats. You create a hierarchy of risks and relate them to other risks, controls, organizations, assets, processes, and other relevant entities.
- Risk assessment: In this step, you determine the expected likelihood and consequences of specific types of attacks on specific assets. Risk assessment determines possible mishaps, their likelihood and consequences, and your organization's tolerance for these events. Risk assessment can be based on a number of factors such as impact, likelihood, and velocity. When you are assessing a risk, you will come across two types of risks:
  - Inherent risk: This is the risk level before actions are taken to mitigate the risk's impact or likelihood. For example, susceptibility to theft or fraudulent reporting.
  - Residual risk: This is the remaining risk level following mitigating actions. For example, after CCTVs are installed and security guards are hired, there is still a chance of a theft. Therefore, Residual risk = Inherent risk - Mitigation.
- Risk scoring: In this step, risk scores are calculated based on factors such as impact and likelihood of the risk.
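The following is an added worked example of the assessment and scoring steps above; it is not code from Diligent One or the Risk Manager app, and the 1..5 factor scale, the impact x likelihood score, the rating thresholds and the control reductions are all constructed assumptions. It models a small risk hierarchy (a parent risk with the theft and fraudulent-reporting child risks from the text), scores each risk before and after its controls, and shows that the page's relationship Residual risk = Inherent risk - Mitigation holds for the numbers produced.

```python
"""Toy risk register: assessment factors, inherent/residual scoring, hierarchy roll-up.
Added example; scale, formula and thresholds are assumptions, not the app's own."""
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed 1..5 scale for each assessment factor.
MIN_FACTOR, MAX_FACTOR = 1, 5


def clamp(value: int) -> int:
    """Keep a factor within the 1..5 scale after controls are subtracted."""
    return max(MIN_FACTOR, min(MAX_FACTOR, value))


@dataclass
class Control:
    """A mitigating action and how many scale points it removes from each factor."""
    name: str
    impact_reduction: int = 0
    likelihood_reduction: int = 0


@dataclass
class Risk:
    """One identified risk: its factors, related assets, controls and child risks."""
    name: str
    impact: int
    likelihood: int
    velocity: int = 3  # how quickly the risk materialises once triggered (1 slow .. 5 fast)
    assets: List[str] = field(default_factory=list)
    controls: List[Control] = field(default_factory=list)
    children: List["Risk"] = field(default_factory=list)

    def inherent_score(self) -> int:
        """Score before any mitigation: impact x likelihood (assumed formula)."""
        return self.impact * self.likelihood

    def residual_factors(self) -> Tuple[int, int]:
        """Impact and likelihood after every control's reduction is applied."""
        impact = self.impact - sum(c.impact_reduction for c in self.controls)
        likelihood = self.likelihood - sum(c.likelihood_reduction for c in self.controls)
        return clamp(impact), clamp(likelihood)

    def residual_score(self) -> int:
        """Score that remains after mitigating actions."""
        impact, likelihood = self.residual_factors()
        return impact * likelihood

    def mitigation(self) -> int:
        """Residual = Inherent - Mitigation, so Mitigation = Inherent - Residual."""
        return self.inherent_score() - self.residual_score()

    def rolled_up_score(self) -> int:
        """A parent in the hierarchy carries the worst residual score found beneath it."""
        return max([self.residual_score()] + [c.rolled_up_score() for c in self.children])


def rating(score: int) -> str:
    """Map a 1..25 score onto a rating band (constructed thresholds)."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def prioritize(risks: List[Risk]) -> List[str]:
    """Treatment order: highest residual score first; faster-moving risks first on ties."""
    ordered = sorted(risks, key=lambda r: (r.residual_score(), r.velocity), reverse=True)
    return [r.name for r in ordered]


def build_register() -> Risk:
    """Constructed hierarchy: one parent risk with the two examples from the text."""
    theft = Risk("Theft of inventory", impact=4, likelihood=4, velocity=4,
                 assets=["Warehouse"],
                 controls=[Control("CCTV", likelihood_reduction=1),
                           Control("Security guards", impact_reduction=1, likelihood_reduction=2)])
    fraud = Risk("Fraudulent reporting", impact=5, likelihood=3, velocity=2,
                 assets=["General ledger"],
                 controls=[Control("Independent review", likelihood_reduction=1)])
    return Risk("Loss of company assets", impact=3, likelihood=2, children=[theft, fraud])


if __name__ == "__main__":
    register = build_register()
    for risk in register.children:
        print(f"{risk.name}: inherent {risk.inherent_score()} ({rating(risk.inherent_score())}), "
              f"residual {risk.residual_score()} ({rating(risk.residual_score())}), "
              f"mitigation {risk.mitigation()}")
    print("Parent rolled-up score:", register.rolled_up_score())
    print("Treatment order:", prioritize(register.children))
```

Mitigation is derived from the factor reductions rather than entered directly, so the residual score can never drop below the scale floor and the identity Residual = Inherent - Mitigation is true by construction; the roll-up takes the maximum of the subtree so a parent risk is never reported as lower than its worst child.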