
Risk Statement

Abriska generates a list of risk statements which express the top risks to the organisation. Each risk statement is generated in a generic format which can then be overwritten by the user. The following format is utilised:
{Threat} to {Supporting Resource | Information Processing Facilities} will affect the {C, I and A} of information due to {maturity of Control(s) | Vulnerability}.
E.g.
A. Power failure to email system will affect the Availability of Customer Data due to a lack of 11.2.2 Supporting Utilities.
B. Theft by third parties to Reading Office will affect the Confidentiality of Client Folders due to a lack of 11.1.6 Delivery and loading areas.
C. Technical Failure of a Main Computer or its Storage Devices to AS400 will affect the Integrity and Availability of Client Data due to Legacy Hardware.

Each risk statement can be overwritten to provide a clearer statement, for example, Statement B above could be re-written as “Theft of client folders from the warehouse by delivery drivers due to insufficient segregation between incoming and outgoing post”.
Each risk statement has a risk score associated with it and is available within the online risk register. A risk owner and a risk treatment decision can be assigned from this page.
Output:
Risk Register – outputs each of the risk statements, the risk treatment decision and the owner. Each risk that is identified should be reviewed and undergo treatment by applying one of the following:

  • Reduce – Apply the recommendation and improve the appropriate control
  • Accept – Knowingly and objectively accept the risk
  • Avoid – Change the business or environment to stop completing the related activity
  • Transfer – Outsource/transfer the risks to other parties.
    NB: the standard risk treatment decisions can be customised by the organisation.

Overview of Risk Statement

Risk Statements include a description of the risk event or threat and the scope or extent to which the risk applies. They may also include details of possible causes, a description of impacts or possible consequences if the risk were to materialise, and details of any controls currently in place.
New risk statements can be created by selecting ‘Create New Risk’ from the sidebar within Risk Register.
By selecting a pre-defined risk category, Abriska will automatically generate a unique risk reference upon submission of the new risk statement.
Risks can be assigned to a division by selecting from the Division drop-down list, which shows the divisions set up within the organisation.
Risk Owners are assigned by selecting from the Risk Owner drop-down list, which shows the contacts held in the organisation contacts.


Once submitted, risk statements can be edited by selecting the Risk Register and clicking on the Open Risk Detail arrow to the right of each risk entry within the register.


