Creating risks
The procedure for creating a risk varies according to the profile you are using.
To create a risk associated with an organizational process with the Control and Risk Architect profile:
1. From the Repository paint, select Main Objects, then unfold theBusiness Process folder.
2. Open the properties window of the product that interests you.
3. Select the Risks tab.
4. Click the New button.
The risk creation dialog box appears.
To create a risk with the Risk Manager (simplified) profile:
1. Select Risk Library > Risks > All Risks and select Risks > All Risks.
2. Click the New button.
The risk creation dialog box appears.
Risk characteristics
In the Characteristics section of the risk properties window, you can specify the following characteristics:
• the risk identification Code
• the risk Name
• the fact that the risk is high level by selecting the Key Risk check box
• the risk Owner.
By default the
owner is the risk creator.
• the risk Identification Mode
The risk could have been identified from:
• an "Incident database"
• a "Workshop"
• a "Survey"
• a "Mission audit"
• the risk Description
the
Risk Status appears grayed and cannot be modified since it is managed by the workflow associated with the risk. For more information, see
HOPEX Enterprise Risk Management.
Risk scope
Risk scope enables definition of risk location. It relates to several component types:
A business process represents a system that offers products or services to an internal or external client of the company or organization. At the higher levels, a business process represents a structure and a categorization of the business. It can be broken down into other processes. The link with organizational processes will describe the real implementation of the business process in the organization. A business process can also be detailed by a functional view.
An organizational process describes how to implement all or part of the process required to make a product or handle a flow.
An entity can be internal or external to the enterprise: an entity represents an organizational element of enterprise structure such as a management, department, or job function. It is defined at a level depending on the degree of detail to be provided on the organization (see org-unit type). Example: financial management, sales management, marketing department, account manager. An external entity represents an organization that exchanges flows with the enterprise, Example: customer, supplier, government office.
An objective is a goal that a company or organization wants to achieve, or is the target set by a process or an operation. An objective allows you to highlight the features in a process or operation that require improvement.
A requirement is a need or expectation explicitly expressed, imposed as a constraint to be met within the context of a project. This project can be a certification project or an organizational project or an information system project.
An application is a set of software tools coherent from a software development viewpoint.
• Business Lines
A business line is a skill or grouping of skills of interest for the enterprise. It corresponds for example to major product segments, to distribution channels or to business activities.
• Operations
An operation is an elementary step in an organizational process executed by an org-unit.
+ In the
HOPEX Control and Risk product, a
Situation tag is available to define the scope of a risk. Use the compatibility option to reuse information that was defined in this tab to integrate it in the
Scope of the control. To activate the accounting option, see
"Managing Options Relating to Risks".