Risk identification
This report presents distribution of risks according to several criteria: by process, by risk type, by entity and by objective.
Access path
Reports > Identification > Risk Identification.
Report parameters
This consists of selecting risks that will be presented by specifying elements that define their scope: risk types, entities, processes or objectives.
|
Parameters
|
Parameter type
|
Constraints
|
|---|---|---|
|
Begin Date
|
Date
|
Risk selection criterion. Not mandatory.
|
|
End date
|
Date
|
Risk selection criterion, fixed at current date.
|
|
Scope risk type
|
Risk type
|
Risk selection criterion. Not mandatory.
|
|
Scope entities
|
entity
|
Risk selection criterion. Not mandatory.
|
|
Scope processes
|
process
|
Risk selection criterion. Not mandatory.
|
|
Scope objectives
|
objectives
|
Risk selection criterion. Not mandatory.
|
For more details on risk contextualization see Organizing Risks.Report example
The upper part of the report presents distribution of risks on the following criteria:
• Distribution of risks by process
• Distribution of risks by risk type
• Distribution of risks by entity
• Distribution of risks by objective
The lower part of the report presents distribution of risks on the following criteria:
• Distribution of risks by status
• Distribution of risks on which remediation has been defined
• Distribution of risks assessed or not assessed
• Number of risks created over last ten years.
To obtain a list of risks making up a sector or a barchart bar:
Click the sector (or barchart bar) that interests you.
The list of risks taken into account is presented at the bottom of the edit area.
For more details on operation of instant reports, see the HOPEX Common Features guide.Control Identification
This report presents the distribution of controls according to several criteria:
• by process
• by control type
• by entity
• by objective
Its operation is identical to that of the risk identification report.
For more details on the risk identification report, see Risk identification.Net Risk by Risk Type
This report presents in the form of a stacked bar chart:
• on the horizontal axis: the number of risks by risk type
A risk type defines a risk typology standardized within the context of an organization.• on the vertical axis: the number of risks by net risk level
The residual (or net) risk indicates the risk to which the organization remains exposed after management has processed the risk. is the difference between the Inherent Risk and the Control Level.