Note: The following features are not added to IT Risk Management by default. For information on adding these features to your version of the app, contact your CSM.
New Features
IT Risk Assessment
The app offers an assessment tool to keep all tracking efforts consolidated in one place. This allows the IT Risk Team to more easily expose risk, support the operational level, and work towards risk control and mitigation.
Continuous Assessments
Members of the IT Risk Team user group can reassess any assessment in the Complete state, and members of the IT Risk Owner user group can reassess any IT risk in the Monitoring state. This allows assessments and risks to be updated outside of the constraints of an annual review period.
Users can easily see how an IT risk has evolved over time using trending data.
Issue Management
Members of the IT Risk Team user group can create issues from step 5 of the Assessment Review form. This makes it easier to consolidate the issues attached to a risk and to plan corrective actions.
Asset Risk Management
Members of the IT Risk Team user group can create IT assets, assess their criticality, and assign them to an IT risk. This makes it easier for the organization to identify its assets and helps to prioritize risk mitigation for critical assets.
Announcements
Users in the IT Risk Team user group can create announcements to be displayed on the IT risk owners' portal. Users can choose when the announcement goes live, when it is removed, and whether or not an email notification will be sent out to users.
IT Risk Owner Portal
Members of the IT Risk Owner user group will have access to a tailored portal experience to better manage IT risks outside the standard assessment cycle. The portal has the following sections:
IT Risk Owner Dashboard: A heatmap that displays the intersection of the residual likelihood and residual impact for all IT risks assigned to the user. There are also charts summarizing all controls and issues assigned to the user. The dashboard can be starred to have it automatically appear on the control owner's homepage upon login.
IT Risk and Control Matrix: An easy-to-use working grid that lists each IT risk assigned to the IT risk owner, along with its assigned controls. A risk or control can be reviewed by clicking the icon in the Risk Name or Control Name column, respectively.
My IT Risks: A complete list of each IT risk assigned to the IT risk owner regardless of the assessment cycle. Clicking on a control will open the form appropriate to the risk's current state. Controls can also be accessed from within the risk.
Announcements: Displays communications from the IT risk team.
Geolocation
Members of the IT Risk Team can decide whether or not an IT asset has a physical location. In the event that it does, that location can be entered through an address field, pins on a map, or both.
IT Risk Reporting
The app contains the following reports in the IT Risk Management activity of the Reports app:
IT Risk Company Heatmap: A heatmap that displays the intersection of the residual likelihood and residual impact for all IT risks in the organization.
Top IT Risk Report: Displays the top IT risks attached to a specific assessment, including trending data of their residual risk and their controls.
Company Issue Overview: Charts that display each issue in the organization, broken down by status, issue type, and priority.
IT Risks by Threat Category: A graphical representation of the residual risk ratings of each IT risk in the organization broken down by threat category.
IT Risk Company Heatmap - Inherent vs Residual Risk: A heatmap that displays the difference between the inherent and residual risk for all IT risks in the organization.
IT Risk by Category: A graphical representation of the residual risk ratings of each IT risk in the organization broken down by category.
IT Risk and Control Matrix: Lists each risk that has been assigned to the IT risk owner, along with its assigned controls. A risk or control can be reviewed by clicking the icon in the Risk Name or Control Name column, respectively.
Issues by Business Unit: Charts that display each issue attached to a specific business unit, broken down by status, issue type, and priority.
Asset Risk Management Reporting
The app contains the following reports in the Asset Risk Management activity of the Reports app:
Corporate Asset Overview: A graphical representation of the criticality score of each asset in the organization broken down by Information category, as well as charts that display each asset's type and whether it is supported internally or externally.
Corporate Asset Criticality Report: A heatmap that displays the intersection of the criticality score and information system type for all assets in the organization.
Business Unit Criticality Report: A heatmap that displays the intersection of the criticality score and information system type for all assets attached to a specific business unit.
Formula Cards
The Inherent Risk Score, Control Effectiveness, Residual Risk Score, and Criticality Score formulas are now displayed as formula cards to better communicate risk posture.
Excluding Archived Data from General Access
Users working in the app will have archived assessment data omitted from performance-impacted activities (such as searching for records or running reports). This data has been restricted to a designated section of the Manage IT Risk Assessments activity accessible only by the IT Risk Team. This ensures that the data within the app is relevant and places older information in an easy-to-access, consolidated view.