HOPEX IT Risk Management : HOPEX IT Risk Management : HOPEX IT Risk Management Reports : IT Risk Reports : IT Asset Reports
   
IT Asset Reports
Risk level aggregated by business process
Access path
Reports > IT Risk > IT Assets > Aggregated Risk Level per Business Process
Parameters
Start and end dates
*The start and end dates define the value range to take into account for the assessments. If the same object is assessed more than once during this period, the most recent assessment is taken into account.
Assessment template:
for applications
for installations
*For more details on assessment templates, see "Risk Assessment Templates"
Business process
*A business process represents a system that offers products or services to an internal or external client of the company or organization. At the higher levels, a business process represents a structure and a categorization of the business. It can be broken down into other processes. The link with organizational processes will describe the real implementation of the business process in the organization. A business process can also be detailed by a functional view.
The Generate Aggregation button starts the calculation and consolidates the risk assessments on the applications and processes.
Result
This report is presented in the form of a Business Process > Application > Risks tree.
The assessment result appears for each element in the tree.
Example
Risk Heatmap
Access path
Reports > IT Risk > IT Assets > Heatmap of Risks
Parameters
Begin and end date
*These dates define the value range to take into account for the assessments. If the same object is assessed more than once during this period, the most recent assessment is taken into account.
Risks: used to select the risks by filtering them according to a number of criteria.
You can select the risks to be taken into account using the trees.
 
Risk selection criterion
Corresponding selection tree
Business line
Business line > Applications > Risks
Risk type
Risk types > Risks
Business
Process > Applications > Risks
Business capability
Business capabilities > Applications > Risks
Threats
Threats > Vulnerabilities > Applications > Risks
Result
Heatmaps illustrate the following characteristics:
Impact / Likelihood
*The impact characterizes the impact of the risk when it occurs.
*The likelihood characterizes probability that the risk will occur.
Inherent risk / Velocity
*The inherent (or gross) risk indicates the risk to which the organization is exposed in the absence of measures taken to modify the occurrence likelihood or impact of this risk. This is the result of multiplying impact value and likelihood value before taking account of risk prevention or reduction measures.
*Velocity represents the rapidity of propogation of the risk of an asset to other assets if an incident occurs.
The values in each cell represent the risk assessments selected.
*By default, all risks are taken into account.
To display the assessments corresponding to each cell:
*Click the value of the cell.
The assessments appear with the risk assessed and its context (application or software installation).
Example
Application Heatmap
Access path
Reports > IT Risk > IT Assets > Heatmap of Applications
Parameters
Begin and end date
*The start and end dates define the value range to take into account for the assessments. If the same object is assessed more than once during this period, the most recent assessment is taken into account.
Applications: used to select the applications to take into account, based on the criteria and trees.
 
Application selection criterion
Corresponding selection tree
Business
Processes > Applications
Business line
Business line > Applications
Business capability
Business capabilities > Applications
Result
Heatmaps illustrate the following characteristics:
Inherent risk / Velocity
*The inherent (or gross) risk indicates the risk to which the organization is exposed in the absence of measures taken to modify the occurrence likelihood or impact of this risk. This is the result of multiplying impact value and likelihood value before taking account of risk prevention or reduction measures.
*Velocity represents the rapidity of propogation of the risk of an asset to other assets if an incident occurs.
Impact / Likelihood
*The impact characterizes the impact of the risk when it occurs.
*The likelihood characterizes probability that the risk will occur.
The values in each cell represent the average risk level of the application.
To display the assessments concerning the applications, click on the value of the cell.
 
Example
Risk widgets
Widgets are accessible from the dashboard via the home page.
They do not contain any parameters.
Process widget by risk level
This widget is used to display the percentage of first-level business processes according to the value of the average inherent risk for the process.
*A business process represents a system that offers products or services to an internal or external client of the company or organization. At the higher levels, a business process represents a structure and a categorization of the business. It can be broken down into other processes. The link with organizational processes will describe the real implementation of the business process in the organization. A business process can also be detailed by a functional view.
*The inherent (or gross) risk indicates the risk to which the organization is exposed in the absence of measures taken to modify the occurrence likelihood or impact of this risk. This is the result of multiplying impact value and likelihood value before taking account of risk prevention or reduction measures.
To display the corresponding processes, click on the area in question.
Capacity widget by risk level
This a pie chart that displays the percentage of the total number of first-level capacities per risk level.
*A business capability is a component of information system processing. Processing can for example correspond to an activity or an enterprise business.
Risk causality report
See "Risk causality report".