The Active and Inactive buttons show active and deactivated risks respectively. To search for a risk, enter the search text and click the Search button. The system will search both the name and description of risks for the search text.
Module: Risk Management
Purpose: To monitor, edit and create risks within the Risk Library
To Access: Main - System Library - Risk.
In GuardianERM.Net, all risks are created and stored in a library. When performing risk evaluations of an organisation unit, the appropriate risks are selected from the library and attached to the organisation unit.
All the risks in the library are shown in the Risk List:
The Active and Inactive buttons show active and deactivated risks
respectively. To search for a risk, enter the search text and click
the Search button. The system will search both the name and
description of risks for the search text.
To help finding the appropriate risk, the list can be filtered using the Risk Group and Risk Sub-Group filters.
In order to create a risk, select New Risk and fill out the name and description for the risk. More details for the risk can be set once the risk is attached to an organisation unit.
If you wish to create a risk deactivated, un-tick the Active box and save. Risk groups can be applied to risks via the Risk Group and Risk Sub-Group dropdowns. Once complete, select Save Data to finally create the new risk.
Modifying a risk follows a similar process. Select the risk to be modified from the Risk List and modify fields as is necessary. Once complete, select Save Data to save the changes.
Deactivated risks are not deleted, they can be viewed by clicking the Inactive button above the Risk List:
Note: The risks in the library are shared by all users of the system and may be attached to many organisation units (the organisation units using a selected risk are shown in the bottom panel). The system uses a unique system code to identify a risk and for other items in the system to reference to. You must consider the overall effect on the whole system and other users when modifying a risk. For example, if a risk was originally the risk of fire damage to a building and after controls, audit procedures were attached and audits were performed you change it to the risk of fraud while all the other data remain the same, say, the control of testing fire protection equipment regularly will become meaningless for the risk of fraud.
As a general rule, never change the name or description of a risk except to correct spelling and grammatical errors.
If a risk is not applicable any more do NOT replace it with a new risk. Deactivate the risk and create a new one instead.
You may change the group and sub-group of a risk without affecting other parts of the system.