Risk Environment
To analyze a risk, it is necessary to take into account all the elements of the environment.
Describing Risk Environment
To describe the objects which make up the environment of a risk:
In the HOPEX GRC desktop, click Environment > Environment > Risks.
The risk types are defined in Risks > By Risk Type.You can define:
• Risk factors
• Risk consequences
Defining the Environment of a Specific Risk
To define the environment for a specific risk:
1. In the Characteristics page of the property window of a risk, expand the Analysis section.
A risk is characterized by:
• Risk types
• Risk factors
• Risk consequences
• Associated Risks
Risk types
A risk type enables risk characterization. For example, a risk type can be regulatory, legal, technical, etc.
Creating a risk type
To create your own risk types:
1. In the navigation bar, click Risks > By Risk Type.
2. Click New.
3. Enter the name of the risk type and click OK.
The new risk type appears in the navigator menu tree.
Similarly, you can create a sub-risk type from a risk type.Analyzing the impacts of a risk type
A report enables you to analyze the impacts of a risk type. See Risk Type Impact Breakdown.
Risk Factors
Many risk factors are defined within the framework of international, national or inter-professional regulations, or within the enterprise itself.
With each risk, you can associate one or more risk factors, sources of risks that have intrinsic potential to endanger organization operation. For example, dangerous chemical products, competitors, governments, etc.
Risk consequences
To define consequences associated with a risk:
In the risk page, Analysis section, Risk Consequences tab, click New.The consequence creation page appears.
Since a risk consequence can relate only to a single risk, the Risk field is already entered with the current risk.The consequence created appears in the list of consequences associated with the risk.