Menu

KCM GRC Risk Management: Overview

Avatar
Lauren Ashley
Updated
Follow

Risk Management Module: Overview and Risk Components

Risk Management is a module within the KnowBe4 KCM Governance, Risk, and Compliance (GRC) platform that is available to Gold and Platinum subscriptions. This feature is designed to simplify the processes of identifying, assessing, monitoring, and mitigating the various risks faced by your organization. 

This article provides an overview of the concepts and areas of the console you’ll become familiar with when working in KCM GRC’s Risk Management module.

Jump to:

Additional Resources

Risk Wizard

Risk Register

Risk Dashboard

Risk Templates

Components of KCM GRC Risk Items

 

Additional Resources 

Back to Top

Risk Wizard

As a best practice, when getting started with this module we recommend using our Risk Wizard tool. It offers a streamlined approach to identifying and adding the necessary risks to your account. See our Risk Wizard guide for more information. 

Back to Top

Risk Register

The Risk Register is the central location of your Risk Management module. It contains all of the risks that have been identified and added to your console. From here you can add new risks and update your existing risks. See our Risk Register guide for details on all of the capabilities in the Risk Register.  

Back to Top

Risk Dashboard

The Risk Dashboard provides an overview of your Risk Management processes in KCM GRC. Here you'll find interactive graphs and a list of the greatest risks currently faced by your organization. See our Risk Dashboard guide for details.

Back to Top

Risk Templates

The Risk Templates area is a master repository for all risks. It includes the risks you've uploaded or added to your account, as well as the risks included in our Master Risk Repository. See more information in our Risk Templates guide.

Back to Top

Components of KCM GRC Risk Items

When working in KCM GRC's Risk Management module, there are a few important components that help you better understand the spectrum of risks faced by your organization.

Properly using the following components will increase the efficiency of your risk management process. See the following sections for details. 

Risk Likelihood and Impact

Each Risk added to your account should be assigned a measure of Likelihood and Impact.

  • Likelihood - A rate of probability or chance that a risk will impact your organization.
    KCM GRC offers five states of Likelihood: Rare, Unlikely, Reasonably Possible, Likely, or Almost Certain.
  • Impact - The rate of the effect a risk would impose on your organization, should it occur.
    KCM GRC offers five states of Impact: Low, Minor, Moderate, Major, Catastrophic.

See the table below for KCM GRC's description of each measure of Likelihood and Impact, and the scores of each. These scores determine Inherent Risk Scores. See this article for more information on Inherent Risk Scores.
For details about KnowBe4's process for developing KCM GRC's risk management scoring scale, please see: KCM GRC: Risk Likelihood and Impact Scoring.

Likelihood Description Score Impact Description Score
Rare Chance of occurrence: 5% Low If the risk occurred it would cause a less than minor mission, system, or program degradation.    1
Unlikely Chance of occurrence: 5% - 9% Minor If the risk occurred it would cause only a small cost and schedule increase; requirements could still be achieved.
Reasonably Possible Chance of occurrence: 10% - 19% Moderate If the risk occurred it would cause moderate costs and schedule increases; important requirements could still be met.  
Likely Chance of occurrence: 20% - 49%  8 Major If the risk occurred it would cause major cost and schedule increases; secondary requirements may not be achieved.  
Almost Certain Chance of occurrence: more than 50%  13 Catastrophic If the risk occurred it would cause a complete program, system or mission failure; minimum acceptable requirements could not be met. 13 

 

Inherent Risk Score, Treatment Score, and Residual Risk Score

You will use Inherent Risk Scores, Risk Treatment Scores, and Residual Risk Scores together in KCM GRC. These scores help you understand the severity of each risk that your organization faces–both before and after you make efforts to reduce or mitigate risks.

To learn more about these three scores, please see our KCM GRC Risk Management: Risk Scoring article. 

Back to Top

 

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles