The KCM GRC Risk Management module is available to Gold and Platinum subscriptions. The Risk Management module can help you simplify the process of identifying, assessing, monitoring, and mitigating the risks that your organization faces.
See the sections below to learn how to use your Risk Management module.
Using the Risk Wizard
As a best practice, we recommend that you start using the Risk Management module by using our Risk Wizard tool to add risks to your Risk Register. The Risk Wizard offers a streamlined approach to help you identify and add common risks to your platform. For more information, see our How to Use the Risk Wizard article.
Using Your Risk Register
Next, we recommend using your Risk Register to add, view, and update your organization's risks. Your Risk Register will contain all of the risks that you have added to your platform. For more information, see our How to Use Your Risk Register article.
Monitoring Your Risk Dashboard
After you've added risks to your Risk Register, we recommend using the Risk Dashboard to monitor your organization's risks. The Risk Dashboard displays information about your risks in tables and graphs so you can view data about your top risks, risk tags, risk scores, and risk categories. For more information, see our How to Use the Risk Dashboard article.
Using Risk Templates
If you would like to quickly add risks by using existing risks as templates for new risks, you can use the Risk Templates tab. The Risk Templates area includes the risks you've uploaded or added to your account and the risks that are included in our Master Risk Repository. For more information, see our How to Use the Risk Templates Tab article.
Using Risk Measures and Scores
As you work in your Risk Management module, we recommend that you use risk measures and scores to better understand the risks that your organization faces.
See the subsections below for more information.
Risk Likelihood and Impact
When you add risks to your account, you should assign a measure of Likelihood and Impact to them. Likelihood is a measure of the that a risk will impact your organization. Impact is a measure of the damage a risk would cause for your organization if it occurred.
For more information, see the Likelihood and Impact Ratings section of our Risk Scoring Guide.
Inherent Risk Score and Residual Risk Score
You can use Inherent Risk Scores and Residual Risk Scores to assess your risks before and after control treatment. These scores can help you understand the severity of each risk that your organization faces.
For more information, see our Risk Scoring Guide.