Assessing a risk on a risk card

From the Assessments app, you can set risk rating factors and edit the weight of controls on all the risks assigned to you. There are two types of risks:

  • Risks from Projects These are general risks assessed by a single individual, typically a domain expert. The risk score represents the overall risk as a single entity.

  • Risk assessments These are more comprehensive and involve input from multiple individuals or departments. The risk owner solicits feedback from various stakeholders on specific aspects of the risk, such as its likelihood and potential impact. After all the feedback is collected, the risk owner compiles the data to determine the final risk score.
    Risk assessments provide a more focused approach, allowing the risk owner to make a more informed decision about the overall risk.

Risk card widgets

The widgets displayed on the risk card provide the following information:

Assessments

Widget

 Description

No Control associated

No controls are associated with the risk.

Risk rating incomplete No data has been provided for the risk rating factors.
Risk rating complete The Assessments is complete, and both the inherent and residual risk scores have been calculated.

Assess risks

To view and complete all your assigned risks, follow these steps:

  1. Open the Assessments application from the Launchpad home page (www.highbond.com).
    If you are in Diligent One, switch to the Assessments app using the navigation menu on the left.

    Note

    You will receive an email notification with a link to the app to begin the scoring process. This may include a single assessment or multiple assessments in bulk, each with different headlines for the same risk. For bulk notifications, all links are provided in one email.

  2. Navigate to the My Activities tab and then select Risks.
    You can view the list of risks and risk assessments.
  3. Expand the risk card.
    Each card includes details such as associated controls, risk rating completion status, risk description, and other risk assessment-related links.
  4. Choose the risk scoring factors from the Impact and Likelihood dropdown menus.

  5. Complete the following steps based on the risks assigned to you:

    Risk Type Steps

    Risks assigned to you within Projects

    1. After updating the risks details and metrics, select Score to save your information.
      The risk card displays the calculated scores next to Inherent Risk Score and Residual Risk Score, based on the information entered.

    2. Select Finish to complete the risks update.

    3. Scroll to the bottom of the card to view Associated Controls, Requests, and Issues.

    4. To modify associations or adjust the weight of a control, select Edit Associations.

    5. To view completed risk cards, select Filter and then choose Completed.

    6. From the Completed list, you can further modify the Impact and Likelihood and then select Scoreand Finish.

    7. (Optional) If you still wish to switch platforms to make changes, select Open in Projects.
      This opens the Projects app in a new tab.

    Risk assessments assigned to you within Risk Manager

    1. After finishing the risk assessment, select Complete.

    2. Scroll to the bottom of the card to view the Related Controls section, which includes a list of controls linked to a risk, along with the user details.

    3. (Optional) Select the linked risks to view them in Risk Manager.

    4. To view completed risk cards, select Filter and then choose Completed.

    5. From the Completed list, you can further modify the Impact and Likelihood and then select Update.

    6. (Optional) If you still wish to switch platforms to make changes, click Open in Risk Manager.
      This opens the Risk Manager app in a new tab.

Getting information about assessing a risk

You assess risks to determine their potential threat level to the organization by evaluating the impact and likelihood of the risk, and then calculating the risk score. You can calculate the inherent risk score in both risk and risk event assessment records.

Risk Scoring Factor Description

Likelihood

Low, Medium, High

Impact

Low, Medium, High

How are risk values handled between the Risks and Risk Assessments sections?

Risks section

  • You can select values for impact and likelihood to update both the inherent and residual risk scores.

  • The inherent and residual risk scores represent the overall risk and can be updated when the card is still in progress or even after it’s completed.

  • Impact and likelihood values can be adjusted or removed at any time.

  • The dropdown menu for selecting impact and likelihood offers options for low, medium, and high.

Risk assessments section

  • The inherent and residual risk scores are not shown because they relate to the parent risk. Instead, they help you (the risk owner) make decisions by focusing on specific details.

  • The rating options can extend beyond low, medium, and high, allowing for customization and color coding to represent different risk levels. This includes default colors for improved visibility and clearer differentiation of risk levels.

  • Info icons appear next to Likelihood and Impact. Hover over them to view definitions added by the risk owner or admin during Risk Manager setup. If no definitions are set, the icons do not appear.

  • After a risk assessment card is finalized, you cannot deselect values. To make changes, you must go to the completed list and update them, but deselecting is not allowed.