HOPEX Aquila EN

GRC - Governance, Risk & Compliance > HOPEX Enterprise Risk Management > Managing Risks > Risk characteristics > Risk Responsibilities (RACI)

Risk Responsibilities (RACI)

To access risks, see Accessing Risks.

Risk properties include a Responsibilities section to define the different persons responsible for risk management. For futher details, see Responsibilities (RACI).

Note that the Risk Assessor, who answers risk-related questionnaires, is to be specified in the properties of the entity connected to the risk(Entities / Processes/).

For more details, see:

• Prerequisites to Risk Assessment

• Specifying responsibilities within an entity.

See also:

• Defining the Scope of a Risk

• Analyzing Risks

• Risk Overview

Defining the Scope of a Risk

Contextualizing a risk consists in defining its scope.

To define the scope of a risk:

In the risk properties, expand the Scope section.

The scope can consist of different types of objects:

• Process categories and Processes exposed to the risk. See Managing Processes.

A process category regroups several processes. It serves as a categorization level and provides access to finer grained processes.

A process describes how to implement all or part of the process required to make a product or handle a flow.

• Operations

An operation is an elementary step in an process. It corresponds to the intervention of an entity withing the organization.

• Entities concerned by the risk. See Managing Entities.

An entity can be internal or external to the enterprise: an entity represents an organizational element of enterprise structure such as a management, department, or job function. It is defined at a level depending on the degree of detail to be provided on the organization (see org-unit type). Example: financial management, sales management, marketing department, account manager. An external entity represents an organization that exchanges flows with the enterprise, Example: customer, supplier, government office.

Defining entities on risks is a pre-requisite to risk assessment. See also Preparing the Assessment Environment.

• Objectives expected related to risk management.

An objective is a goal that a company or organization wants to achieve, or is the target set by a process or an operation. An objective allows you to highlight the features in a process or operation that require improvement.

• Applications. See Managing Applications.

An application is a set of software tools coherent from a software development viewpoint.

• Business Lines: See Managing Business Lines.

A business line is a skill or grouping of skills of interest for the enterprise. It corresponds for example to major product segments, to distribution channels or to business activities.