Using the Risk Management Module
The KCM GRC Risk Management module is available to Gold and Platinum subscriptions. The Risk Management module can help you simplify the process of identifying, assessing, monitoring, and mitigating the risks that your organization faces.
See the sections below to learn how to use your Risk Management module.
Using the Risk Wizard
As a best practice, we recommend that you start using the Risk Management module by using our Risk Wizard tool to add risks to your Risk Register. The Risk Wizard offers a streamlined approach to help you identify and add common risks to your platform. For more information, see our How to Use the Risk Wizard article.
Using Your Risk Register
Next, we recommend using your Risk Register to add, view, and update your organization's risks. Your Risk Register will contain all of the risks that you have added to your platform. For more information, see our How to Use Your Risk Register article.
Monitoring Your Risk Dashboard
After you've added risks to your Risk Register, we recommend using the Risk Dashboard to monitor your organization's risks. The Risk Dashboard displays information about your risks in tables and graphs so you can view data about your top risks, risk tags, risk scores, and risk categories. For more information, see our How to Use the Risk Dashboard article.
Using Risk Templates
If you would like to quickly add risks by using existing risks as templates for new risks, you can use the Risk Templates tab. The Risk Templates area includes the risks you've uploaded or added to your account and the risks that are included in our Master Risk Repository. For more information, see our How to Use the Risk Templates Tab article.
Using Risk Measures and Scores
As you work in your Risk Management module, we recommend that you use risk measures and scores to better understand the risks that your organization faces.
Risk Likelihood and Impact
When you add risks to your account, you should assign a measure of Likelihood and Impact to them. Likelihood is a measure of the that a risk will impact your organization. Impact is a measure of the damage a risk would cause for your organization if it occurred.
See the table below for KCM GRC's description of the Likelihood and Impact measures and the scores associated with each measure. These scores determine the Inherent Risk Scores of your risks. For more information, see our Risk Scoring Guide.
|Rare||Chance of occurrence: 5%||1||Low||If the risk occurred it would cause a less than minor mission, system, or program degradation.||1|
|Unlikely||Chance of occurrence: 5% - 9%||3||Minor||If the risk occurred it would cause only a small cost and schedule increase. Requirements could still be met.||3|
|Reasonably Possible||Chance of occurrence: 10% - 19%||5||Moderate||If the risk occurred it would cause moderate costs and schedule increases. Important requirements could still be met.||5|
|Likely||Chance of occurrence: 20% - 49%||8||Major||If the risk occurred it would cause major cost and schedule increases. Secondary requirements may not be met.||8|
|Almost Certain||Chance of occurrence: more than 50%||13||Catastrophic||If the risk occurred it would cause a complete program, system, or mission failure. Minimum acceptable requirements could not be met.||13|
For details about KnowBe4's process for developing KCM GRC's risk management scoring scale, see our Risk Likelihood and Impact Scoring document.
Inherent Risk Score, Treatment Score, and Residual Risk Score
You can use Inherent Risk Scores, Risk Treatment Scores, and Residual Risk Scores together in KCM GRC. These scores can help you understand the severity of each risk that your organization faces, before and after you make efforts to reduce or mitigate risks.
To learn more about these three scores, see our Risk Scoring Guide.