Working with risks

A risk is an uncertainty or opportunity that may result from business decisions. Some risks can affect your organization’s daily operations. Identifying and mitigating these risks ensures smooth operations.

Risks are classified into the following categories:

  • Compliance and regulatory risk For example, introduction of a new rule or legislation.
  • Financial risk For example, a sudden increase in interest rates on a loan or a non-paying customer.
  • Operational risk For example, theft of equipment or system outages.

Each risk must be identified, linked to relevant library objects, and assessed. Your organization can then determine the best methods to prioritize and mitigate those risks.

Adding a risk

To add a risk:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. Select + Add Risk.
  3. In the Add Risk panel:
    1. Enter a name for your risk.
    2. Fill in other relevant details.
    3. Select one of the following:
      • Add Risk to save the risk and close the panel.
      • Save & Add New to save the risk and add another one.

    Your risk is now created and appears on the Risk details page. You can select the risk name to view the risk details and update the risk.

Adding AI-suggested risks

The AI-powered risk identification feature enhances enterprise risk management by using artificial intelligence to analyze risk data from SEC Form 10-K filings. This capability enables organizations with developing or immature risk management practices identify relevant risks more effectively. If you are a risk manager, you can use AI-suggestions to identify relevant risks from a large library, add them to your own risk library, and leverage insights from peer organizations.

To search for and add AI-suggested risks to your risk library:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. On the Risk Details page, select + Add Risk with AI.

  3. (Optional) On the AI risk suggestions page:

    1. Select and apply one or more of the available filters to narrow your search:

      • Industry

      • Risk Category

      • Company

    2. After you select the filters, select Apply and save filters.

  4. Review the list of suggested risks displayed in the dashboard. Risks are sorted based on relevance.

    To refine the search further, do the following:

    1. Use the search box to enter a keyword and refine the list of AI-suggested risks.

    2. Select the filter icon to apply additional filters.

  5. To add a risk, select one of the following options:

    1. Quick add Select Quick add to add the risk as is.

    2. Edit Select Edit details and do the following:

      1. In the Add risk panel, make the required changes in the following fields:

        • Risk name

        • Risk category

        • Risk description

      2. Select Add to save the changes.

      The risk is added to your risk library.

Adding or updating the owner of a risk

To add or update the owner of a risk:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. From the Risk list, select the name of the risk for which you want to add or update the owner.

    The Details tab is displayed.

  3. In the Risk Owner field, assign a user and select Save Changes.

    The risk is assigned to the selected user and an email is sent to notify the owner.

Moving a risk through different workflows

After creating a risk, you can move it through different workflow states depending on your business needs. Some workflow states may require some fields to be filled in before you can proceed.

To move a risk from Draft to Identification and then to Analysis state:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. Select the risk you want to update.

    The Risk details page opens with the Details tab.

  3. Enter the required details, such as risk ID, description, and owner.
  4. Select Save Changes.
  5. In the top-right corner, select Identify.

    The workflow status updates to Identification.

  6. After reviewing and verifying the required details, select Validate.

    The workflow status updates to Analysis.

Note

You can follow the steps mentioned above to move the risk through the remaining workflow states according to your business needs.

Linking a risk to different objects

Risks are often associated with various assets and library objects across your organization. Capturing these relationships and linking the risks with the objects helps in accurately assessing and managing the impact of a risk.

To link a risk to different objects:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. Select the risk you want to work with.

    The detailed risk page opens with the Details tab.

  3. Navigate to the Relationship tab and do the following based on what you want to link:
    • To link an asset:
      1. Select Link Assets.

      2. In the Link Assets dialog box:

        1. Select the type of asset and the specific asset.
        2. Select Link Assets.

          The asset is now linked to the risk.

    • To link a control:
      1. select Link Controls.

      2. In the Link Controls dialog box:

        1. Select the type of control and the specific control.
        2. Select Link Controls.

          The control is now linked to the risk.

    •  To link a risk assessment:
      1. Select Link Risk Assessments.

      2. In the Link Assessments dialog box:

        1. Select the type of risk assessment and the specific assessment.
        2. Select Link Risk Assessments.

          The risk assessment is now linked to the risk.

Note

  • Use the same process to link the risk to other objects such as processes, objectives, or other risks, if those object types are configured in your Risk Manager instance.
  • On the home page, you can link objects by expanding the risk row and selecting Add Relationship. This option is available only if the risk is not already linked to an entity.
  • When you link a risk to another object, a bidirectional link is created. For example, when you link a risk to a control, the relationship is visible in the Relationship tab of both, the risk and the control. If the links are not displaying correctly, contact Support for assistance.

Unlinking a risk from other objects

You can remove existing relationships between a risk and associated assets or other library objects.

To unlink a risk relationship:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. Select the risk you want to update.

    The risk details page opens with the Details tab selected.

  3. Select the Relationship tab and select the unlink icon next to the object that you want to unlink.
  4. In the Unlink relationship dialog box, select Unlink Object.

    The object is removed from the risk.

Associating a risk with an organizational unit

You can associate a risk in Risk Manager with one or more organizational units. These units constitute the foundation of the enterprise, linking diverse organizational entities across different company segments. This hierarchy also stores departmental and business unit details.

To associate a risk with an organizational unit:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. Select the risk you want to update.

    The risk details page opens.

  3. Under the Details tab, in the Related Org Unit field, search for and select one or more preconfigured organizational units you want to relate the risk to.

  4. Select Apply Selection.

  5. Select Save Changes.

    The risk is updated. The associated organizational unit appears in the Org Unit column on the Risk Manager home page.

Note

  • The organizational unit hierarchy is preconfigured by the System Admins in your organization. For more information about the hierarchies in the organizational structure, contact your System Admin.

  • If you are a System Admin, navigate to Platform Settings and select Org Structure, to view and manage the list of preconfigured organizational units. To learn more about organizational units, see Organizational Structure.

  • Additionally, you can associate organizational units with assessment records.

Creating a risk assessment

To assess the potential threat level of the risk to the organization, risk managers can add risk assessments. Assessments are generated based on the objects they are linked to.

To create a risk assessment:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. Select the risk for which you want to create a risk assessment.

  3. On the Risk Details page, go to the Risk Assessment tab.

  4. Select Add Risk Assessment.

  5. In the Add Risk Assessment dialog box:

    1. Enter a name for the risk assessment.
    2. Select Add Risk Assessment.

  6. On the Risk Assessments details page, do the following:

    1. Provide a reference ID and add a description.

    2. Assign an owner for the risk assessment.

    3. (Optional) Select an organizational unit.

  7. Select Save changes. The risk assessment is created and an email is sent to the assessment owner (risk assessor) with the link to the assigned assessment.

Assessing a risk

After identifying, validating, and linking a risk to relevant objects, you can assess it and calculate the risk score. Assessing a risk enables you to evaluate its potential threat level to the organization.

To assess a risk:

  1. Log in to Diligent One using the link in the email that you receive. Based on whether the Assessments integration is enabled or disabled, the Risk Manager or Assessments app opens. You enable or disable Assessments integration in Settings. For more information, see Risk Manager settings.

    If Assessments integration is enabled, the Assessments app opens.

    If Assessments integration is disabled, the Risk Manager app opens.

  2. If you are on the Risk Manager app, on the Risk Assessments details page, do the following:

    1. Select values for Impact and Likelihood.

    2. Choose an inherent risk score from the drop-down list.

    If you are on the Assessments app, for the assigned risk assessments, select values for Impact and Likelihood.

  3. Select Save Changes, to update the risk assessment.

    Assessments are generated based on objects linked to the risk.

  4. Select the risk you want to assess.

    The detailed risk page opens.

  5. In the top right, select Assess.

    Result Assessments are generated, based on objects linked to the risk. To learn more, see How are assessments generated?

Calculating risk scores

You can calculate risk scores in two ways:

  • Using default configuration You can calculate the score for one risk or risk assessment at a time, using this method. For example: The Likelihood and Impact fields are set at a 3 x 3 matrix, with values such as low, medium, and high. For more information, see Using default configuration.
  • Using custom configuration You can customize the formula to calculate the risk and assessment scores for multiple risks or risk assessments simultaneously, using this method. For more information see, Risk and assessment scoring configuration.

Using default configuration

After triggering assessments, you can calculate the inherent risk scores in both the risk and the risk assessment records, by evaluating the Impact and Likelihood of a risk.

See the table below for reference.

  Likelihood High

Medium

 High High
Medium

Low

 Medium High
Low

Low

 Low Medium
  Low Medium High
  Impact

To calculate the risk scores of a risk assessment using the default configuration:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. Select the risk you want to work with.

    The detailed risk page is displayed.

  3. Go to the Risk Event Assessment tab and select the name of the risk assessment to open it.
  4. Verify the required information.
  5. In the top-right corner, select Assess.

    The workflow status changes to Assessment.

    Note

    Ensure the Impact and Likelihood fields are filled in and saved before selecting Score.

  6. Select Score.

    The risk score is calculated and displayed in the Inherent Risk Score field.

  7. Select Approve to finalize the risk score.

    The risk score is finalized and the workflow status changes to Monitoring.

  8. (Optional) To reassess, select Reassess.

Creating a risk mitigation

Risk mitigation enables you to identify, reduce, track, or eliminate potential threats that could affect your organization’s operations, finances, or reputation. It helps ensure business continuity by proactively managing uncertainties and minimizing losses.

To create a risk mitigation:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. On the Risk Details page, go to the Risk  Mitigation tab.

  3. Select Add Risk Mitigation.

  4. In the Add Risk Mitigation dialog box:

    1. Enter a name for the risk mitigation.

    2. Select Add Risk Mitigation.

  5. On the Risk Mitigation Details page, do the following:

    1. Select an organizational unit.

    2. Provide a description and plan.

    3. Assign an owner for the risk mitigation.

    4. Select the type of treatment from the drop-down list.

    5. Provide remediation details.

    6. Enter dates for planned completion and actual completion.

  6. Select Save Changes. The risk mitigation is created.

Deleting a risk

To delete a risk:

  1. From the Launchpad home page (www.diligentoneplatform.com), select the Risk Manager app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app.

    Note

    Diligent One Platform also supports the domain www.highbond.com. For more information, see Supported domains.

  2. Select the risk you want to delete.

    The risk details page is displayed.

  3. In the top-right corner, select More optionsand then select Delete.
  4. In the confirmation dialog box, select Delete.

    The risk is deleted.

What's next?

You can now start working with controls to mitigate the identified risks. For more information, see Working with controls.