Assigning a risk to a state
Assign a risk to a state to define its current state and risk mitigation workflow.
How it works
Each state is displayed in a separate column within the risk profile. You can move risks from one state to another based on the risk assessment, and your company's risk tolerance and appetite.
The number of risks in the column displays in the column header.
Accepted and Mitigated states
If you drag the risk tile to the Accepted or Mitigated state, you are prompted to select the duration of time to accept or mitigate the risk. Once the mitigation period is finished, the risk tile automatically moves back to the Assess state.
Default states
The table below shows the default states available.
Strategy Admins can customize the name of risk states under Settings > Risk Profile to align with your company's terminology.
State | Remarks |
---|---|
Assess | New risks added are initially assigned this state. |
Accepted | Risks that fall within your company's risk tolerance are assigned to this state. |
Audit | Risks that you choose to address through an audit plan are assigned to this state. |
Continuously Audit | Risks that you choose to address by continuous auditing are assigned to this state. Note This state can be hidden by a Strategy Admin if your company's workflow does not include continuous auditing. For more information, see Configuring risk profile settings. |
Mitigated | Risks that can be mitigated by existing or assigned resources and capabilities are assigned to this state. |
Permissions
Only Strategy Admins and Oversight Executives can assign a risk to a state.
Assign a risk to a state
- Open the Strategy app.
- Click the risk tile from the current state panel.
- Drag the risk tile to the new location.Tip
You can also reorder items within each state using the same method.