How Do I Use the Risk Wizard?
The KnowBe4 KCM Governance, Risk and Compliance (GRC) offers a Risk Management module designed to simplify the processes of identifying, assessing, monitoring, and mitigating the various risks faced by your organization. The Risk Wizard is the quickest and easiest way to implement risk management using your KCM GRC platform.
This guide will assist you with navigating through the Risk Wizard. See the sections below to learn more.
What Is the Risk Wizard?
The Risk Wizard offers a simple flow of identifying and adding your organization’s Risks to your KCM GRC platform, so you can evaluate, mitigate, and monitor these threats.
You’ll navigate through the Risk Wizard and select the Risks applicable to your organization from our collection of standard Risks called the Master Risk Repository. The risks in our Master Risk Repository are comprised from the National Institute of Standards and Technology (NIST) Special Publication 800-30, Guide for Conducting Risk Assessments. In addition to the standard Risks you can choose from, you'll have the ability to import or create your own Risks. All of the Risks you select and/or create during the Risk Wizard will be added to your KCM GRC Risk Register upon completion.
Risk Wizard Steps
After logging in to your account, navigate to the Risk Wizard by clicking on Risk Management, then Risk Wizard from the left-hand side navigation panel. Then, follow the steps below to complete the Risk Wizard.
Step 1: Choose a Risk Wizard level based on your organization’s familiarity and maturity with risk management. The level you choose determines the amount and complexity of the Risks offered throughout the Wizard.
Regardless of which wizard level you choose, you can add additional Risks to your Risk Register manually, or from the Risk Wizard, at any time.
|Risk Wizard Level||Description|
|Core||The Core level includes the most common Risks from the Master Risk Repository. This level is a good option if your organization is in the fundamental stages of establishing risk assessment and management processes.|
|Moderate||This level expands on the core-level collection of Risks from the Master Risk Repository, offering additional Risks and vulnerabilities. This level is a good option if your organization is familiar with its Risks, has completed risk assessments, and/or has risk management processes in place.|
|Advanced||This level offers the entire set of pre-populated Risks from the Master Risk Repository. This level is a good option if your organization has completed risk assessments and has fully established risk management processes.|
Use the Select button under the appropriate level to start the Risk Wizard.
Step 2: The Risk Wizard will begin in the Business & Strategic Risks category, with a set of pre-populated, common Risks. Use the expand arrows to the left of the slider buttons to expand each Risk and view its description. Using the slider buttons, select all of the applicable Risks that need to be added to your organization's Risk Register. You can use the Select All From This Category checkbox to select all Risks offered from the category, at that Risk Wizard Level.
Each time you use the Risk Wizard all selected risks will be added to your account. Therefore, if the selected risks have already been added to your Risk Register, this will result in duplicate risks.
Step 3: Repeat step two until you've reviewed and selected the applicable Risks from each category in the wizard.
Step 4: The Manual section of the Risk Wizard offers three options for adding additional Risks to your Risk Register. See the Adding New Risks from the Risk Wizard section below for instructions on each method.
Step 5: The Confirm page is the final page of the Risk Wizard. It will display all of the Risks you've selected, imported, or created in the Wizard. Click the Confirm button to add these Risks to your Risk Register.
After completing the Risk Wizard, the next step is to specify the Likelihood and Impact of each of the Risks you've added. You'll make these specifications from your account's Risk Register. See our KCM GRC Risk Management: Risk Register article for details.
Adding New Risks from the Risk Wizard
When navigating through the Risk Wizard, the Manual segment offers three different methods for adding Risks to your account's Risk Register: (1) Add Risks from the Master Risk Repository, (2) Import Risks with a CSV file, or (3) Create Risks manually.
See the sections below for details on each method of adding new Risks from the Risk Wizard.
Search Master Risk List
From the Search Master Risk List pane, click the Search button and use keywords to display and select relevant Risks from the Master Risk Repository.
For example, if you need to add Risks to your Risk Register that are related to access control, type the word "access" in the search bar to see available Risks, as shown below.
From the drop-down selection, click on a Risk title to see its description.
Click the Save button to add the Risk to your Risk Wizard.
Import Risks from CSV
If you already have a CSV file of your organization's identified Risks, add the Risks to your account by clicking the Import button within the Import Risks from CSV panel. Alternatively, you can import these Risks from the Risk Register page at a later time. See here for more information.
The CSV file specifications are included on the Import CSV Risks pane, shown below. Once you select your CSV file, you'll have the ability to review and Delete Risks before importing them to your Risk Register.
Click the Save Imported Risks button to add the Risks to your Risk Wizard.
Create a Risk
From the Create a Risk panel, click the Create button to build a new Risk for your Risk Register.
The Create a New Risk pane will display. Input the following details to create your Risk:
Name: Give your Risk a descriptive title that represents the scope of what the risk poses to your organization.
Description: Describe the threat that the Risk poses to your organization, including the physical location, systems, employees, third parties, processes, etc. that would be involved if the event were to occur.
Likelihood: Determine the Likelihood that the Risk will occur. This variable will impact your Inherent Risk Score. See here for more information about Risk Likelihood and risk management with KCM GRC.
Impact: Determine the measure of Impact that the Risk would cause to your organization. This variable will impact your Inherent Risk Score. See here for more information on Impact and risk management with KCM GRC.
Category: Select the category that you'd like the Risk to fall under in your Risk Registry. There are six default category options in KCM GRC: Business & Strategic, Environmental & Natural, Financial, Operational & Infrastructure, Compliance, and Custom. You also have the ability to create your own, custom categories from your Account settings. See here for more information on adding custom categories to your Risk Register.
Subcategory: Select a subcategory for the Risk. The Subcategory options will vary depending on the Category selected.
Click the Create Risk button to add the Risk to your Risk Wizard.