Not logged in - Login
View History

Using the Enterprise Risk Register

The Risk Register

The 31000 enterprise risk register allows users to identify or identify and analyse a risk depending on the users permissions. The risks can be assign an owner, shared with other business areas, treatment and actions can be managed. The overview allows users to view summary details per division or for the whole organisation.
Enterprise risk register

Risk Register Key

The Risk Register within the ERM module contains different options within the Risk Detail tab.

The Risk Register Key provides the ability to filter by the following options:

Comparison date: What date you wish to compare against

Risk Indicators: Which warnings you wish to review

Risk Categories: Which category you wish to assess (These would have been set with RA Management > Configuration)

Risk Strategy Which strategy answer you which to review (To edit the titles go to RA Management > Configuration)

Risk Delta Filter depending on how Unchanged or New risks, the icons appear in the risk score box for each risk.

Risk Status

Risk Detail ERM

The ERM module module highlights different areas of the raised risk. Below is a brief explanation of the various areas differing from the Information Security 27001 Risk Register.

Risk Detail ERM

  • Risk Identification - This carries can extra drop box; 'Risk Source', here you can link the risk to how is was identified if relevant.
  • Objectives - This allows you to link a risk to a business objective, multiple risks can be link to an objective and this will be visible within the organisation risk report. See more on how to create an objective.
  • Risk Actions - The key difference here is that actions are not raised against the controls.
  • Risk Monitoring & Review - Comments to add outside of action status, here you an select if a comment is important and this will be highlighted with reporting.

Risk Monitoring & Review permission access

Organisation admins can now change who can view, change and add said comments.
Go to > Risk Assessment > RA Management > Configuration > Risk Register Config > select the user from which you would like contacts to have access to risk monitoring. Users of that level and above will be able to view, change and add comments.

Risk Register Overview

You can navigate here from the Risk Register > left side bar > 'Risk Register Overview'. The page gives a more detailed view of what some of the widgets on the main dashboard show.

Creating a new Risk

To create a new risk you will need to follow these steps. Risk Assessment > Risk Register > Create new Risk

Option 1: Identify Risk

Used to identify a Risk with a description to then be assessed by Org Admin.

Identify Risk

Option 2: Identify and Analyse Risk

Used to identify and asses a risk to the business filling in the following information. You must select the Category first, this will then generate a Risk Reference.

Identify and Analyse Risk

Depending on what category is selected there may be a prompt to select which controls help to mitigate this risk.
The final step in adding the risk is to evaluate the Inherent(level with no controls in place), residual(current level), target risk(expected level).

Analysis & Evaluation

Video

How to add enterprise risks to the risk register for Abriska 31000



Read Only Risks

This new functionality, available from October 2022, allows identified and analysed risks to be shared with other divisions.
Risk Register Division Share

Risk owners and organisation admins can share a risk to all divisions allowing them to be aware of other risks and instead of producing a new similar risk, this can be copied and altered to suit another divisions analysis (likelihood + impact).
Copy Risk to My Division

To copy a risk, click 'Copy to My Division' in the blue box at the top of the page when viewing the risk. This will open a modal window asking you to select the division to copy to and set the risk owner. Upon submission you will be taken to that new (copied) risk where you can then make edits to the analysis and evaluation, treatment and actions.

All copies of a risk will automatically be linked so that the original and and subsequent scoring can be viewed.

A new notification will be added to highlight how many shared risks there are.

How to activate Read Only Risks


Organisation admins can turn on this feature from: Risk Assessment > RA Management > Configuration > Risk Register Config. Turn the radio toggle to green for 'Read Only Control'.

Risk Register Config




Back to Enterprise Risk Management