Assessments are used to identify risks, plan controls to mitigate the risk, and monitor risk levels. While users in both the Risk Team and Administrator (Risk Management) user groups can launch assessments, it is best practice for the risk team to do so. Assessments can be scoped with a focus on either risk categories, processes, or objectives.
To launch an assessment:
Log into a user account that's been added to the Risk Team user group.
- Click the dropdown in the nav bar > Risk Management.
- Navigate to the Launch Risk Assessment tab, then click Launch Risk Assessment, Launch Process Risk Assessment, or Launch Objective Risk Assessment.
The process for launching and scoping an assessment will be the same regardless of the scoping method picked. The only difference will be the object types chosen during scoping.
- Enter a name for the assessment in the Risk Assessment Name field.
- Begin typing keywords in the Business Unit field to display a list of available options, then click to select the appropriate business unit.
Begin typing keywords in the second Business Unit field to display a list of searchable tags. Select the one that matches the previous field.
To ensure the assessment is searchable, the business units selected in both fields should match.
- Click Create to display the Launch Risk Assessment page.
- Click Define Risks for RCSA to define which frameworks, topics, sub topics, requirements, etc. should be included in the assessment. See Define Risks for more information. While an assessment can be scoped immediately after launch; it can also be accessed and scoped later in Risk Management > Launch Risk Assessment > Risk Assessment Planning.