In this section, you can register risks relevant to the organization and its objectives. An inherent probability and inherent impact is provided for each risk, which are used to calculate the Inherent Risk Score and to display the risk matrix, in addition to the residual impact and probability, which will be used to calculate the Residual Risk Score.
Enterprise risks can be registered and edited through the system interface or offline through a spreadsheet and then be imported back to the system. Once registered, one or more controls can be associated with one or more risks. Enterprise risks can be classified into categories in this module and subdivided into types in the Administration module.
Events to treat enterprise risks can be created so that they can be monitored and queried in the Workflow module. The Enterprise Risk Event type is available by default. However, for other event types to be available for association with enterprise risks, the Object Types section of the Administration module must be accessed and the association with enterprise risks must be enabled for each event type (provided by Modulo or custom) that you want to use.
Custom types of risks can also be created in the Object Types section of the Administration module. Attributes can be applied to one or more types of risks in the Objects and Attributes section of the Administration module. Note that the order defined for risk attributes will affect the default order of the columns in the list, the order in which the fields appear in the spreadsheet, as well as the order in which the attributes appear in the interface.