Define Scope of Risk Assessment

Once an assessment has been launched, Risk Team user group members must scope it to define the assessment's required risk categories, risk sub-categories, risks, or controls. 

After launching an assessment, you should scope it immediately. However, the assessment can be also accessed and scoped later in Risk Management > Launch Risk Assessment > Risk Assessment Planning.

To scope an assessment:

  1. Log into a user account from the Risk Team user group.
  2. Click the relevant Risk Assessment and click Define Scope of RCSA.
  3. Click +Add to select one or more risk categories, processes, or objectives to focus your assessment on.A list of available risk categories.
  4. Optional: Use the left-side Filters pane to refine the categories further with one or more of these default filters: 
    • By Name: Filters which category names are displayed. Type the keywords here, then press the Enter key to apply the filter.
    • By Assessment Type: Filters results by the object or assessment types. 
    • By Dimension: Filters results by assessment context (e.g., Business Unit or Location). 
    • By Description/Unique ID: Filters objects and instances by these properties.
    • By State: Filters objects and instances by workflow state, including states from other assessment workflows.
    • Location Filters: Allows you to filter results By House Number, Street, City, Zip Code, State, Country.
    • Count: Filters by Count Me or Count Me Again.
  5. Optional: To remove any unneeded filters, click the beside the filter in the Filter Selection field.Removing unneeded filters from the Filter Selection field.
  6. To add a new version of a previously assessed object, click the Assessments link below said object, then click + Add
    • For more information about the object, hover your cursor over the ellipsis beside the object.

Clicking the Assessments link below an object will display any instances that can be added to the assessment.

If an object has not been previously assessed, it will not have any instances and the Assessments link will be hidden.
  1. Click Remove to remove any unneeded risk categories.
  2. Click the green banner at the bottom of the page to display the Assessment Navigation form.The Assessment Navigation form.
  3. Click the  icons in the tree to expand the nodes and display any relationships or references to the scoped sub-categories, risks, and controls. 
  4. Click the relevant object names in the tree to open the Risk Review palette, as well as any applicable requirements. 
  5. Deselect the checkboxes beside the objects to remove them from the scope. 
    • By default, all objects and their relationships or references are selected. 
    • Deselecting an object in an upper node will automatically deselect the objects in the nodes immediately below it.
  6. To filter which objects are displayed in the tree, click the  icon, then Select object type to filter tree with select list to show the available plain text, select list, and property filters for that object type. 
  7. To hide the filters, click the  icon.
Instances cannot be deselected from the scoping form. To remove instances from the scope, click the green banner at the top of the page, then click Remove From Scope beside the instances in the Assessments sections.

The Filters menu.

  1. Click Confirm Scope, then Review Objects to determine whether the Review Objects page displays.

Graphical user interface, text

Description automatically generatedThe Please Confirm dialog box.

  1. Optional: To link to all the applicable objects of a particular assessment, click Assessments on the Global Assessments Selection section, then check Link to Existing next to the assessment you wish to use objects from.The Review Objects page.

  2. Optional: If you would like to use the version of only one object currently being used by another assessment, click Assessments on the applicable object then check Link to Existing.Graphical user interface, text, application, chat or text message

Description automatically generatedAn object that has a version being used in another assessment.
  3. Click Confirm to launch the assessment. 
    • If you created the assessment then accessed it later from a view, the form selected for that view will be displayed after clicking Yes. Otherwise, the form used to originally create the assessment will be displayed.