Enterprise Risk Management

Closely aligned with the risk management process from ISO 31000, Abriska® 31000 was designed to provide organisations with an intuitive tool for assessing and managing all types of risk from different functions and departments.

Its purpose is to ensures that risk management is an integral part of management and governance, is embedded into the culture and practices, and is tailored to the needs of an organisation.

You will find the configuration options vary to that within the RA Management for the Information Security 27001 module.

ERM Setup

The links listed below contain information on setting up the risk management module. The 'Configuration' page within Abriska can be reached by selecting ‘Risk Assessment’ then selecting 'RA Management' from the sidebar on the organisation home.

• risk Appetite
• risk Strategies
• risk Categories
• risk Register
• risk Statement
• risk Scores
• risk Strategy
• risk Actions

Creating a new Risk

To create a new risk you will need to follow these steps. Risk Assessment > Risk Register > Create new Risk

Option 1: Identify Risk

Used to identify a Risk with a description to then be assessed by Org Admin.

Option 2: Identify and Analyse Risk

Used to identify and asses a risk to the business filling in the following information. You must select the Category first, this will then generate a Risk Reference.

Depending on what category is selected there may be a prompt to select which controls help to mitigate this risk.
The final step in adding the risk is to evaluate the Inherent(level with no controls in place), residual(current level), target risk(expected level).

Read Only Risks

This new functionality, available from October 2022, allows identified and analysed risks to be shared with other divisions.

Risk owners and organisation admins can share a risk to all divisions allowing them to be aware of other risks and instead of producing a new similar risk, this can be copied and altered to suit another divisions analysis (likelihood + impact).

To copy a risk, click 'Copy to My Division' in the blue box at the top of the page when viewing the risk. This will open a modal window asking you to select the division to copy to and set the risk owner. Upon submission you will be taken to that new (copied) risk where you can then make edits to the analysis and evaluation, treatment and actions.

All copies of a risk will automatically be linked so that the original and and subsequent scoring can be viewed.

A new notification will be added to highlight how many shared risks there are.

How to activate Read Only Risks

Organisation admins can turn on this feature from: Risk Assessment > RA Management > Configuration > Risk Register Config. Turn the radio toggle to green for 'Read Only Control'.

Video

How to add enterprise risks to the risk register for Abriska 31000

The Risk Register within the ERM module contains different options within the Risk Detail tab, for more information please see the risk Register Enterprise Risk Management page.