HOPEX IT Risk Management : HOPEX IT Risk Management : Using HOPEX IT Risk Management : Managing IT Risks : Direct Risk Assessment
   
Direct Risk Assessment
HOPEX IT Risk Managementis used to directly assess risk level:
by application, or
by deployed application (to assess the risk of an entity)
*Risks can be positioned either on an application or on a deployed application. For more details, see "Risk scope".
Assessing risks directly
The 'expert view' assessment can also be referred to as a direct assessment in HOPEX IT Risk Management (that is, without defining an assessment campaign by questionnaire).
To assess a risk directly:
1. In a risk property page, select one of the assessment pages as follows:
Assessment by Installation: used to assess risks per deployed application
Assessment by Application
*Only one of these tabs appears, depending on the choice you made when positioning risks. For more details, see "Identifying and Positioning Risks".
2. Click Evaluate.
3. If required, select a context object then select a value for:
impact
*The impact characterizes the impact of the risk when it occurs.
likelihood
*The likelihood characterizes probability that the risk will occur.
velocity
*Velocity represents the rapidity of propogation of the risk of an asset to other assets if an incident occurs.
4. If required, modify the Measurement Date and click OK.
Risk Assessment Templates
 
Assessment template
Assessed object
Context
Mode
Assessed characteristics
Assessor
Assessment of risks by application
Risk connected to the application
Application connected to the risk
direct or by campaign
- Impact
- Likelihood
- Inherent risk
- Velocity
- Weighted inherent risk
- Direct assessment: IT GRC Manager
- By campaign: Application owner
Assessment of risks by deployed application
Risk connected to each deployed application
Deployed application
direct or by campaign
- Impact
- Likelihood
- Inherent risk
- Velocity
- Weighted inherent risk
- Direct assessment: IT GRC Manager
- By campaign: Application owner
 
*You can also use these assessment templates for assessment campaigns. For more details, see "Assessments by Questionnaires".