Creating Risks

 

A risk requires an identifier and defined attributes.

Procedure

To create a risk:

  1. Navigate to Rule Architect → Risks → Create.

    The Create Risk screen appears.

  2. Enter the basic attributes for the risk:

    1. In the Risk ID field, enter a 4-digit alphanumeric code to identify the risk.

      This code must be unique to this risk.

    2. In the Description field, enter a short, plain text description of the risk.

    3. From the Risk Type dropdown menu, select the type of vulnerability targeted by this risk.

      Risk types include:

      • Segregation of Duties (SoD) risk

      • Critical Action risk

      • Critical Permission risk

    4. From the Risk Level dropdown menu, select the severity of the risk.

      Risk Levels include:

      • Low

      • Medium

      • High

      • Critical

    5. From the Business Process dropdown menu, select the business process this risk belongs to.

    6. From the Status dropdown menu, select either Enabled or Disabled to indicate whether to activate the risk when you save it.

  3. Choose the Relevant Functions tab to display the Function screen.

    You use this screen to identify functions for this risk:

    1. Choose the check box next to an empty row and click the down-arrow at the right side of the row to display a scrolling list of all defined functions.

    2. Select the function you want to add to the risk.

    Repeat these steps until you have included all the functions in the risk:

    • For SoD risks, select at least two functions.

    • For Critical Action and Critical Permission risks, select at least one function.

  4. Choose the Detailed Description tab to display the Detailed Description text field. Enter a description of the risk.

  5. Choose the Control Objective tab to display the Control Objective text field. Enter a description of the control objective targeted by the risk.

    Caution

    Avoid tab characters when you enter risk data in the Detailed Description and Control Objective text fields. Tab characters can cause problems when you use the Export and Import utilities to move rules from one system to another.

  6. Choose the Risk Owners tab to display the Owner ID screen.

    Caution

    To assign a risk owner to a mitigation, you must ensure that the administrator has defined the owner.

    You use this screen to identify the employee or employees who own this risk:

    1. Choose the plus icon to add a Risk Owner field.

    2. Select the down arrow at the right side of the row to display a list of defined employees.

    3. Select an owner from the list to assign that owner to the risk.

    Repeat these steps to assign all owners to the risk.

  7. Choose the Rule Sets tab to display the Rule Set screen.

    This screen identifies the rule sets to add to this risk:

    1. Choose the plus icon to add a rule set field.

    2. Select the down arrow at the right side of the row to display a scrolling list of all defined rule sets.

    3. Select the rule set you want to add to the risk.

    Repeat these steps until you have added all of the rule sets to the risk.

  8. Choose Save.
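
The constraints in this procedure (Risk ID format and uniqueness, minimum function count per risk type, allowed levels and statuses, no tab characters in the two free-text fields) can be checked on a batch of planned risk definitions before they are entered or exported. The following is an added example, not part of the product or its documentation; the record layout, field names and sample values are constructed, and the Risk ID check assumes the code is four letters or digits.

```python
import re

# Checks mirror the procedure above. Field names and sample data are constructed.
RISK_ID = re.compile(r"[A-Za-z0-9]{4}")  # assumption: four letters or digits
MIN_FUNCTIONS = {"SoD": 2, "Critical Action": 1, "Critical Permission": 1}
LEVELS = {"Low", "Medium", "High", "Critical"}
STATUSES = {"Enabled", "Disabled"}
TEXT_FIELDS = ("detailed_description", "control_objective")

def lint_risks(risks):
    """Return (risk_id, problem) pairs for a list of risk definitions."""
    problems, seen = [], set()
    for risk in risks:
        rid = risk.get("risk_id", "")
        found = []
        if not RISK_ID.fullmatch(rid):
            found.append("Risk ID must be 4 alphanumeric characters")
        if rid in seen:
            found.append("Risk ID is already used by another risk")
        seen.add(rid)
        rtype = risk.get("risk_type")
        if rtype not in MIN_FUNCTIONS:
            found.append(f"unknown Risk Type {rtype!r}")
        else:
            # Count distinct functions: the same function twice is not an SoD pair.
            count = len(set(risk.get("functions", [])))
            need = MIN_FUNCTIONS[rtype]
            if count < need:
                found.append(f"{rtype} risk needs at least {need} function(s), has {count}")
        if risk.get("risk_level") not in LEVELS:
            found.append(f"unknown Risk Level {risk.get('risk_level')!r}")
        if risk.get("status") not in STATUSES:
            found.append(f"unknown Status {risk.get('status')!r}")
        for field in TEXT_FIELDS:
            if "\t" in risk.get(field, ""):  # tabs can break Export/Import
                found.append(f"tab character in {field}")
        problems.extend((rid, msg) for msg in found)
    return problems

_OK = {"risk_id": "P001", "risk_type": "SoD", "risk_level": "High", "status": "Enabled",
       "functions": ["AP01", "AP02"], "detailed_description": "Create vendor and pay it.",
       "control_objective": "Separate vendor maintenance from payments."}
SAMPLE = [  # constructed records: one clean, two with problems
    _OK,
    {**_OK, "functions": ["AP01", "AP01"], "detailed_description": "Pasted\tfrom a sheet"},
    {**_OK, "risk_id": "CA-1", "risk_type": "Critical Action", "functions": ["BS05"]},
]

if __name__ == "__main__":
    for rid, msg in lint_risks(SAMPLE):
        print(f"{rid}: {msg}")
```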