HOPEX Business Process Analysis > Managing Risks and Controls > Identifies risks > Creating risks
Creating risks
To create a risk associated to an organizational process:
1. Open the Characteristics property page of the process that interests you.
2. Expand the Controls & Risks section,
3. Select the Risks tab.
4. Click the New button.
The new risk is added to the list of risks associated to the process.
To create an independent risk from the Processes pane:
1. Select Control & Risks> Risks.
2. Click the New button.
The new risk is added to the list of risks.
Risk characteristics 
In the Characteristics property page of a Risk you can specify characteristics below:
the risk identification Code
the risk Name
the fact that the risk is high level by selecting the Major Risk check box,
the risk Owner.
*By default the owner is the risk creator.
the risk Identification Mode
The risk could have been identified from:
an "Incident database"
a "Workshop"
a "Survey"
a "Mission audit"
the risk Description
*the Risk Status appears grayed and cannot be modified since it is managed by the workflow associated with the risk. For more information, see HOPEX Enterprise Risk Management.
Risk scope 
Risk scope enables definition of risk location. It relates to several component types:
Business Processes and Organizational Processes exposed to the risk. For more details, see Organization Processes.
*A business process represents a system that offers products or services to an internal or external client of the company or organization. At the higher levels, a business process represents a structure and a categorization of the business. It can be broken down into other processes. The link with organizational processes will describe the real implementation of the business process in the organization. A business process can also be detailed by a functional view.
*An organizational process is a set of operations performed by org-units within a company or organization, to produce a result. It is depicted as a sequence of operations, controlled by events and conditions.
Entities concerned by the risk. For more details, see Organization of internal org-units.
*An entity can be internal or external to the enterprise: an entity represents an organizational element of enterprise structure such as a management, department, or job function. It is defined at a level depending on the degree of detail to be provided on the organization (see org-unit type). Example: financial management, sales management, marketing department, account manager. An external entity represents an organization that exchanges flows with the enterprise, Example: customer, supplier, government office.
Objectives and Requirements expected related to risk management. For more details, see Organization objectives and requirements.
*An objective is a goal that a company/organization wants to achieve, or is the target set by a process or an operation. An objective allows you to highlight the features in a process or operation that require improvement.
*A requirement is a need or expectation explicitly expressed, imposed as a constraint to be respected within the context of a project. This project can be a certification project, or an enterprise information system organization or modification project.
Applications,
*An application is a software component that can be deployed and provides users with a set of functionalities.
Business Lines
*A business line is a high level classification of main enterprise activities. It corresponds for example to major product segments or to distribution channels. It enables classification of enterprise processes, organizational units or applications that serve a specific product and/or specific market.