General Form


General Form Overview

This form captures the main details of the risk, such as name, narratives and categorisations.


General Form Field Explanations

Once a Risk is identified it can be added into the Enterprise Risk Management System and the first stage will default to Identify. The following information is gathered at this stage:

Field Comment
ID System generated unique reference for this risk
Title Title/name of the risk, shown in views and reports where risks are listed
Owner System user who owns this risk and is able to edit it. Change to hand over editing rights to another user.
Risk Level Defines this risk as either Strategic or Operational. Strategic risks will be monitored by the exec board. Operational risks can be linked to Strategic risks as child items in the 'Related Records' section.
Risk Type Defines if this is a Perpetual risk that we will be monitoring in perpetuity (most likely if this is a Strategic Risk) or a Standard risk that will eventually be closed down and de-activated.
Risk Category Pick the main category of this risk. This will impact how the risk is reported. Risk rating and appetite thresholds are determined by the chosen category.
Strategic Objective Select the strategic objectives of your organisation that would be most impacted by this risk.
Narrative
Risk Summary A short summary of the risk, shown where there's not a lot of space
Detailed Description Use concise language to define the risk in a way that is easily understood by stakeholders. Offer background information to provide context for the risk. Include details about the processes, systems, or activities that may be affected by the risk. Describe the potential consequences of the risk if it were to occur. This includes both quantitative and qualitative impacts on various aspects of the organization such as financials, operations, reputation, and compliance.
Mitigation Plan Propose potential mitigation strategies or risk response plans. Outline actionable steps that can be taken to reduce the likelihood or impact of the risk. This is high level only, as detailed mitigation tasks will be created in the Tasks section of this risk.
Assessment Guidance Summarize the key factors that should be considered when assessing this risk.
Controls Select a Control for this Risk, if required. Controls are maintained under the Related menu.
Categorization
Threat or Opportunity? Choose which it is: Threats are events or conditions that have the potential to negatively impact the achievement of organizational objectives. They represent situations that may harm the organization or prevent it from reaching its goals. Opportunities are events or conditions that, if realized, can have a positive impact on organizational objectives. They represent situations that the organisation can exploit to its advantage.
Risk Treatment - Threat Shown if risk classified as 'Threat': Identify how to deal with this risk.

  • Treat: Implementing measures to reduce the likelihood or impact of the threat, such as through mitigation strategies, controls, or corrective actions.
  • Transfer: Shifting the risk to another party, often through insurance, outsourcing, or contractual agreements, so they bear the responsibility and consequences.
  • Tolerate: Accepting the risk without taking any action, usually because the threat is deemed manageable or the cost of mitigation exceeds the potential impact.
  • Terminate: Eliminating the risk entirely by discontinuing the activity or process that exposes your organisation to the threat.
Risk Treatment - Opportunity Shown if risk classified as 'Opportunity': Identify how to deal with this risk.

  • Share: Collaborating with another party to jointly capitalize on the opportunity, such as through partnerships or joint ventures, to distribute the benefits and associated risks.
  • Exploit: Taking deliberate actions to ensure the opportunity is fully realized, such as allocating resources or making strategic decisions to maximize the potential benefits.
  • Enhance: Modifying plans or processes to increase the likelihood or impact of the opportunity, thereby amplifying its potential positive effects.
  • Reject: Deciding not to pursue the opportunity because it does not align with strategic goals or the potential benefits do not justify the necessary resources or risks involved.
Legal & Regulatory Compliance Impact Pick Yes if this risk has a Legal & Regulatory Compliance Impact (used to filter in views and reports)
Risk Assessments Require Approval? Pick Yes if risk assessments for this risk should go through an approval process.
Show at Top Level Pick Yes to show this risk in top level exec report
Cost Exposure The amount our organisation stands to lose should this risk materialize.
Time Exposure Pick the right value to indicate how soon this risk is likely to be of concern.
Quality Exposure Pick a value to indicate if and how this risk is of concern to Quality of your operations.
Key Dates
Risk Assessment Frequency (Days) Define how frequently this risk should be re-assessed. Assessment tasks will be created automatically with due dates defined accordingly.
Latest Residual Assessment Date Shows the date of the most recent residual assessment for this risk.
Due Date Lets you assign a multi-purpose Due Date, e.g. use to indicate when you will next review this risk.
Closed Date The date this risk was closed.

Controls


The Controls section of the screen allows you to pick one or multiple Risk Controls that are relevant to this risk. They represent measures, policies, procedures, and mechanisms in your organisation that can help to manage or mitigate this risk.

Click Add Existing Control to show a search facility, allowing you to pick the controls you wish to attach to this risk.

Activities and Notes

In this section tasks and notes appear so you can track what's going on.
