Create or Edit a Risk
Create a Risk to define and manage issues and potential problems.
To create or edit a Risk, you must log in to Neurons for ITSM as a GRC Manager.
To create a Risk:
1.Open the Risk workspace.
2. Click New Risk to open a blank Risk form.
3.Enter the following information into the Overview section as required:
| Field | Description |
|---|---|
| Title | Enter a title for the new record. |
| Team | From the dropdown, select the team for which the risk record is being created. |
| Owner | From the dropdown, select the owner name. |
| Date Identified | Click the calendar icon and select the date on which the risk was identified. |
| Last Review Date | Click the calendar icon and select the date by which the risk is expected to be reviewed. |
| Review Cadence | From the dropdown, select the frequency with which the risk needs to be reviewed. |
| Create Review Tasks | Select the checkbox to create review Tasks. |
| Status | From the dropdown, select the status of this record. |
| Risk Response | Refers to the action or strategy chosen to address the identified risk. From the dropdown, select the following appropriate option: •Mitigate: Reduce the impact of the risk with controls or a Mitigation Plan. •Accept: Accept the risk without additional action. •Transfer: Transfer the case to an IT Incident. •Avoid: Take steps to eliminate the risk or its impact entirely. |
| Source | From the dropdown, select the relevant source: Audit, Manual, Risk Assessment, or Vulnerability Scan. |
Risk Type | From the dropdown, select the type of risk that might impact the project. |
Risk Category | From the dropdown, select the category of risk based on the Risk Type. |
Risk Sub-Category | From the dropdown, select the sub-category of the Risk Category. |
Inherent Impact | From the dropdown, select the severity of impact that the risk has on the project. |
Inherent Likelihood | From the dropdown, select the likelihood that the risk may have an impact on the project. |
Inherent Risk | This field auto-populates and it indicates the risk score based on Inherent Likelihood and Inherent Impact. |
Mitigation Strength | Indicates the effectiveness of controls or a mitigation plan in reducing the impact of the risk. Select an appropriate option from the dropdown. |
Residual Impact | Indicates the level of impact a risk still has after all mitigation actions or controls are applied. Select an appropriate option from the dropdown. |
Residual Likelihood | Indicates the probability of a risk event occurring after mitigation actions or controls are implemented. Select an appropriate option from the dropdown. |
Residual Risk | Indicates the current risk score after controls and mitigations. This field auto-populates based on the scores of Residual Likelihood and Residual Impact. |
Grade change | Graphically represents the risk level. •Displays •Displays •Displays •No icon, if the Residual Risk or Inherent Risk fields are blank. |
icon to indicate increasing risk (if Residual Risk is greater than Inherent Risk).
icon to indicate no change to risk (if Residual Risk is equal to Inherent Risk).
icon to indicate decreasing risk (if Residual Risk is less than Inherent Risk).Mandatory fields are marked with an asterisk.
4.Click Save.
5.In the Details tab, enter the information into the fields as required.
6.Use the Controls, Mitigation Plans, Assets, Risk Assessments, Audits, Policies, Tasks, Changes, Incidents, Problems, and Security Incidents tabs to link supporting records to the Risk.
Use the Controls and Mitigation Plans tabs to create new Controls and Mitigation Plans.
You can restore hidden tabs using the plus sign (to the right of the tabs).
7.Click Save.
Click Refresh If changes you made or relevant tabs are not shown in the record after you have saved it.
Edit a Risk
To edit a Risk:
1.Double-click the Risk to open the details.
2.Edit the information as required.
3.Click Save.