Define Scope of Risk Assessment

Users in the Risk Team user group must scope an assessment to define which risk categories, risk sub-categories, risks, or controls should be assessed. Assessments can be scoped at the time of assessment creation or from the Risk Assessment Planning view in the Launch Risk Assessment activity. 

It's recommended you scope an assessment immediately after launch; however, you can access and scope it later in Risk Management > Launch Risk Assessment > Risk Assessment Planning

To scope an assessment:

  1. Log into a user account that's been added to the Risk Team user group.

  2. Launch a risk assessment
  3. Click Define Scope of RCSA.
  4. Select one or more risk categories, processes, or objectives as the focus of your assessment by clicking Add.A list of available risk categories.
  5. If needed, refine the categories further by using one or more of the following default filters in the Filters pane to the left: 
    • By Name: Filters which categories are displayed based on their Name. When entering keywords in this field, press Enter on your keyboard to apply the filter.
    • By Assessment Type: Filters results by object type or assessment type. 
    • By Dimension: Filters results by assessment context, such as Business Unit or Location. 
    • By Description/Unique ID: Filters objects and instances by their Description and Unique ID properties.
    • By State: Filters objects and instances by workflow state, including states from other assessment workflows.
    • Other: Additional filters based on plain text fields, select lists, and multi-select lists added to the focus object type in the assessment. When entering keywords in a text field filter, press Enter on your keyboard to apply the filter. 
  6. To remove any unneeded filters, click the beside the filter in the Filter Selection field.Removing unneeded filters from the Filter Selection field.
  7. To add a new version of a previously assessed object to the assessment, click the Assessments link below an object, then click + Add. For more information about the object, hover your cursor over the ellipsis beside the record. Clicking the Assessments link below an object will display any instances, which can then be added to the assessment.
    If an object has not been previously assessed, it will not have any instances and the Assessments link will be hidden.
  8. Remove any unneeded risk categories by clicking - Remove.
  9. Click the green banner at the bottom of the page to display the Assessment Navigation form.The Assessment Navigation form.
  10. Click the  icons in the tree to expand the nodes and display any relationships or references to the sub-categories, risks, and controls added to scope. 
  11. Click the names of the objects in the tree to review them, and review any applicable requirements in the palette. 
  12. Deselect the checkboxes beside the objects you wish to remove from the scope. By default, all objects and their relationships or references are selected. Deselecting an object in an upper node will automatically deselect the objects in the nodes immediately below it.
    Instances cannot be deselected from the scoping form. To remove instances from the scope, click the green banner at the top of the page, then click Remove From Scope beside the instances in the Assessments sections.
  13. To filter which objects are displayed in the tree, click the  icon, then select an object type in the Select object type to filter tree with select list to show the available plain text, select list, and property filters available for that object type. To hide the filters, click the  icon.Select an object type in the Select Object type to filter tree with dropdown menu to view available filters. 
  14. Click Confirm Scope, then click Yes to confirm and launch the assessment. If you created the assessment then accessed it later from a view, the form selected for that view will be displayed after clicking Yes. Otherwise, the form used to originally create the assessment will be displayed.