Using the Risk Management Module
Risk Management is a module within the KnowBe4 KCM Governance, Risk, and Compliance (GRC) platform that is available to Gold and Platinum subscriptions. This module is designed to simplify the processes of identifying, assessing, monitoring, and mitigating the various risks faced by your organization.
This article provides an overview of the concepts and areas of the console that you’ll become familiar with when working in KCM GRC’s Risk Management module.
As a best practice, when getting started with this module we recommend using our Risk Wizard. It offers a streamlined approach to identifying and adding the necessary risks to your account. See our Risk Wizard guide for more information.
The Risk Register area is the central location of your risk management module. It contains all of the risks that have been identified and added to your console. From here you can add new risks and update your existing risks. See our Risk Register guide for details on all of the capabilities in the Risk Register.
The Risk Dashboard area provides an overview of your risk management processes in KCM GRC. Here you'll find interactive graphs and a list of the greatest risks currently faced by your organization. See our Risk Dashboard guide for details.
The Risk Templates area is a master repository for all risks. It includes the risks you've uploaded or added to your account, as well as the risks that are included in our master risk repository. See more information in our Risk Templates guide.
Components of Risk Items
Properly using the following components will increase the efficiency of your risk management process. See the following sections for details.
Risk Likelihood and Impact
Each risk added to your account should be assigned a measure of Likelihood and Impact.
- Likelihood - A rate of probability or chance that a risk will impact your organization.
  KCM GRC offers five states of Likelihood: Rare, Unlikely, Reasonably Possible, Likely, or Almost Certain.
- Impact - The rate of the effect a risk would impose on your organization, should it occur.
  KCM GRC offers five states of Impact: Low, Minor, Moderate, Major, or Catastrophic.
See the table below for KCM GRC's description of each measure of Likelihood and Impact, and the scores of each. These scores determine Inherent Risk Scores. See our Risk Scoring article for more information about Inherent Risk Scores.
For details about KnowBe4's process for developing KCM GRC's risk management scoring scale, please see our Risk Likelihood and Impact Scoring document.
Inherent Risk Score, Treatment Score, and Residual Risk Score
You will use Inherent Risk Scores, Risk Treatment Scores, and Residual Risk Scores together in KCM GRC. These scores help you understand the severity of each risk that your organization faces, both before and after you make efforts to reduce or mitigate risks.
To learn more about these three scores, see our Risk Scoring article.