RAM Configuration Flashcards
The RAM initiation guided set ups are available on the Risk Workspace via which 2 playbooks?
one for the risk manager to create a number of assessment instances, one for the risk specialist to create specific assessments
Both RAM initiation guided set up playbooks follow the same lifecycle except…?
scope definition lifecycle stage
If assessing a risk scoped with an entity, the primary RAM is set on the ______ record
entity class
What field appears when the Assess field on an Assessment is set to Object?
Table
What is the risk level without controls or mitigation actions that often assesses the impact if the risk occurs and the likelihood of it occurring?
Inherent risk
What is the assessment of effectiveness of mitigating controls to prevent, detect, or correct the risk?
Control effectiveness
What is leftover risk after implementation of controls?
Residual risk
Which 2 tabs can be enabled on risk assessment instances for risk-based assessments?
Risk Response and Target Risk
What are the three available assessment types that can be included on a RAM template?
inherent risk, control effectiveness, residual risk
The rollup configuration, Business rules and validation, risk response configurations, and reference information sections only appear if the Assess field has the value _____?
Risk
What three Business rules are available in the RAM configuration?
mandate final comment, residual score lower than inherent, automatically create issue
What are the two options for automatically creating an issue on a RAM configuration?
on breach of appetite and on breach of tolerance
What 4 options are available under reference information on a risk assessment?
show related risk events, show related risk indicators, show open issues, show previous assessment
The Other Configurations tab on a risk assessment contains what 6 fields?
Advance reminder, Overdue reminder, Risk identification, Copy previous responses, Allow override of results, and Configure section terminology
What 2 options are under Risk Response configurations on a risk assessment?
Allow single risk response and Risk response is required
What field appears under Other Configurations of an assessment when Object is selected from the Assess field?
Update assessment results to source record
Which RAM is included in the baseline?
IT ram
The primary RAM controls the lifecycle of the _____ linked to the entity
risks
What is the Advanced Risk Assessment lifecycle?
Ready to assess, Assessment types, Respond (optional), Awaiting approval (optional), Monitor
Which role is required to initiate an assessment and assign the assessor?
sn_risk_advanced.ara_creator
Which role is required to assess?
sn_risk_advanced.ara_assessor
Which role is requiured to create controls and add controls ad-hoc from library during control assessment state?
sn_compliance.user
Which role is required to approve an assessment?
sn_risk_advanced.ara_approver
The risk assessment is automatically moved into the _____state after it is approved
Monitor
As of the March 2022 store release, sn_grc.business_user role must be granted what 4 roles for advanced risk related actions?
sn_risk_advanced.ara_creator/reader/approver/assessor
What is risk record workflow and what causes it to update?
Draft, Assess, Respond, Monitor, Retired; modifications to the entity or primary RAM
The states on the risk record and the _________ record are kept in sync
ARA
Once the risk response task is closed, the risk is automatically moved into the ______ state
Monitor
