Risk Implementation Approach Flashcards
Risk Record & Risk Framework - lifecycle and role to create
active - inactive
Risk manager or above
Risk Lifecycle
Draft, Assess, Respond, Review, Monitor, Retired
Who can create a risk
Risk User
Who performs risk assessment
Risk Owner
Who can move risk into monitor
Risk Manager
Who can retire a risk
Risk Manager
Risk Response Lifecycle
Draft
Work in Progress
Review
Closed
If it is an “accepted” risk (not mitigate, avoid, transfer), an “awaiting approval” state is included after WiP
Who/How are Risk Responses generated
Automatically when risk is in “respond” state
or by Risk User
Who can be assigned Risk Response
Risk User
Who can assign Risk Response
Risk Manager
Who can close Risk Response
Assigned Risk User
or grc_manager
Primary Risk Relationship
Risk Framework, Risk Statement, Risk
RF -> RS = m2m, RS -> RF = 0 to 1, RS -> Risk = m2m, Risk -> RS = Not specified? (p. 188)
**Recommend studying page 189
Indicator template - name and scope
sn_grc_indicator_template
GRC: Profiles
Indicator - name and scope
sn_grc_indicator
GRC: Profiles
Risk Statement - name and scope
sn_risk_definition
GRC: Risk
Risk - name
sn_risk_risk
GRC: Risk
Entity Type - name and scope
sn_grc_profile_type
GRC: Profiles
Entity - name and scope
sn_grc_profile
GRC: Profile
Issue - name and scope
sn_grc_issue
GRC: Profiles
Risk Assessment - name and scope
asmt_metric_type
GRC: Risk
Risk Response Task - name and scope
sn_risk_response_task
GRC: Risk