Using Your Risk Register
The KCM GRC Risk Management module includes the Risk Register, which is a central location where you can manage risks. In your Risk Register, you can add new risks that your organization identifies, view the risks that you've created, assign Likelihood and Impact to risks, and export a CSV file of your risks.
You can navigate to your Risk Register by selecting the Risk Register tab from your navigation panel. For general information about the Risk Management module, see our Risk Management Module Guide.
For more information about your Risk Register, see the sections below:
Jump to:
Risk Categories and Subcategories
Adding Risks to Your Risk Register
Using the Risk Register Page
To learn about the actions you can perform and the items you can view from your Risk Register, see the screenshot and list below: 
- Import Risks: Click this button to import risks with a CSV file. For more information, see the Importing Risks section below.
- Add New Risk: Click this button to create an individual risk or to add a risk from the Master Risk Repository. For more information, see the Creating Individual Risks section below.
- Export CSV: Click this button to export a CSV file of the risks in your Risk Register. For more information, see the Exporting Risks section below.
- Search bar: Use this search bar to search for a risk's name or description. Once you've entered a word, the number of results will display in each category. Click a category to view the search results in that category.
- Filter: Open this drop-down menu to filter your Risk Register by affected asset, category, number of controls, and more. Once you've applied filters, the number of results will display in each category.
- Category: View the name of each category.
Tip: You can create additional, custom categories in the Risk Settings section of your Account Settings. For more information, see the Creating Custom Categories section below. - # items need to be updated: This label displays the number of risks in each category that need to be updated for likelihood and impact. If you narrowed your risks by using the search bar or filters, this number will change to represent the number of results in each category.
Note: When you add risks by using the Risk Wizard or importing risks, the risks will be added without a Likelihood or Impact. Therefore, those risks will be included in this count.
Risk Categories and Subcategories
Your Risk Register automatically includes six categories, including a Custom category. When you add risks to your Risk Register, you can select a category and subcategory to add the risk to.
To learn about the subcategories under each category in your Risk Register, select a category from the tabs below:
- Commercial
- Reputation
- Stakeholder
- Technological & Obsolescence
- Lawsuit
- Product Recall
- Negative Publicity
- Hurricanes & Tornadoes
- High Winds
- Plate Tectonics
- Earthquake
- Building Strength
- Asteroids
- Volcanoes
- Radioactive Decay
- Radiation
- Asbestos
- Ground Water
- Sea Level
- Coastal Erosion
- Credit
- Insurance
- Pension
- Market
- People
- Systems & Equipment
- Legal & Compliance
- Security
- Project
- External Events
- Business Processes
- Environmental
- Workplace Health & Safety
- Corrupt Practice
- Social Responsibility
- Quality
- Process
Creating Custom Categories
In addition to the six default categories in your Risk Register, you can also add custom categories that fit your organization's unique risk management initiatives. You can assign a name and description to each custom category that you create.
To learn how to add custom categories to your account, see the Risk Settings section of our How to Manage Your KCM GRC Account Settings article. After you create a custom category, you can add the risks in your Risk Register to the custom category.
Adding Risks to Your Risk Register
We recommend that you start adding risks by using our Risk Wizard tool. For more information, see our How to Use the Risk Wizard article.
You can also add custom risks by importing risks in bulk, creating risks individually, or creating risks for vendors. For more information about each of these methods, see the subsections below.
Importing Risks with a CSV File
If your organization has already identified its applicable risks, you can quickly add them to your account by importing a CSV file. For more information, see our How Do I Import Risks into My Risk Register with a CSV File? article.
Creating Individual Risks
To create an individual risk, follow the steps below:
- Log in to your KCM GRC platform.
- From your navigation panel, navigate to Risk Management > Risk Register.
- Click the Add New Risk button.
- Fill out the fields on the Quick Add Risk page. For more information, see the screenshot and list below:
Note: We recommend that you avoid including the < and > special characters in these fields. These characters may result in text being removed from fields.
- Search Master Risk List?: Enable this toggle if you would like to add a risk from our Master Risk Repository instead of creating a custom risk. The Search Master Risk List search field will appear and you can search keywords to find applicable risks. For more information about our Master Risk Repository, see our How to Use the Risk Templates Tab article.
- Risk Name: Enter a name that represents the scope of what the risk poses to your organization. For example, you could enter "Data Breach".
- Description: Describe the threat that the risk poses to your organization, such as the physical locations, systems, employees, third parties, and processes that would be affected by the risk.
- Consequences: Describe the potential outcomes of the risk occurring, such as the physical locations, systems, employees, third parties, and processes that would be impacted by the risk.
- Risk Owner: Enter the name of the person in your organization who is responsible for managing the risk.
- Affected Asset: Describe a physical asset in your environment that the risk would affect if it occurred.
- Category: Select the category that the risk fits in. For more information, see the Risk Categories and Subcategories section above.
- Subcategory: After selecting a Category, select the subcategory that the risk fits in. The set of subcategories will differ depending on the category that you've selected. For more information, see the Risk Categories and Subcategories section above.
- Risk Status: Select a status for your risk. Risk statuses describe the state of the risk and what efforts your organization needs to perform to manage the risk, such as mitigation efforts, acceptance, or transference of the risk. For more information about the risk statuses, see the table below:
Risk Status Description Avoidance Select this status if your organization is changing plans, parameters, or strategies to avoid the risk. Mitigation Select this status if your organization is performing actions to reduce the likelihood and impact of the risk occurring. Transfer Select this status if your organization is transferring the responsibility of the risk to another person, group, or organization that can better manage the risk. Acceptance Select this status if your organization is accepting the risk instead of working to mitigate it. Typically, this status means that the risk's Likelihood and Impact are within your organization's range of tolerance. Triggered Select this status if an event has happened that caused the risk to occur. Closed Select this status if your organization is no longer managing the risk. Typically, this status means that the risk has been eliminated. Other Select this status if the risk does not fit into any of the statuses above. - Tags: Assign tags to risks to organize, find, and sort your risks. To create a new risk tag, enter one or more words in the field, then press Enter on your keyboard. Tags have a maximum of 25 characters, including spaces. To select an existing risk tag, click the drop-down menu to view existing tags. Then, select a tag to add it to the risk.
- Likelihood: Determine the likelihood of the risk occurring. The Likelihood will impact your Inherent Risk Score. For more information about risk Likelihood and Impact, see the Risk Likelihood and Impact section of our Risk Management Module Guide.
- Impact: Determine the impact that the risk would cause for your organization. The Impact will impact your Inherent Risk Score. For more information about risk Likelihood and Impact, see the Risk Likelihood and Impact section of our Risk Management Module Guide.
- Inherent Risk Score: This number will automatically calculate as you change the risk's Likelihood and Impact. For more information, see our Risk Scoring Guide.
- (Optional) If you would like to create another risk, select the Add Another check box.
- Click the Create button to add the risk to your Risk Register.
Creating Risks for Vendors
If you have access to the Vendor Risk Management and Risk Management modules, you can create risks for the vendors or third parties your organization works with. To learn how to create risks for vendors, see the Creating Risks for Vendors section of our How to Create and Manage Vendor Profiles article.
Viewing and Updating Risks
From your Risk Register, you can view and update your risks. You can also use the Notes widget to communicate information about risks.
To update a risk, follow the steps below:
- From your navigation panel, navigate to Risk Management > Risk Register.
- To find a risk, use the search field to search for keywords in the risk name. You can either search all of your risks or expand a category to search for risks within that category.
- Select a risk's name to open the View Risk page for that risk.
- Click the Update button in the Risk Details section of the page.
Tip: To assign Likelihood and Impact scores, you'll need to update your risks. This step is part of the risk management process that we recommend for KCM GRC.
Exporting Risks
If you would like, you can export a CSV file that contains information about the risks in your Risk Register. To generate this CSV file, navigate to your Risk Register and click the Export CSV button. Then, navigate to the Data Exports tab and click the cloud icon next to the export. For more information, see our Data Exports Guide.
After downloading your CSV file, open the file to view your risk information. For details about the information that will display under each column header, see the table below:
Select Columns widget
| Column Header | Description |
| Risk Name | This column will display the name of the risk. |
|
Description |
This column will display the description of the risk. |
|
Risk Owner |
This column will display the name of the person who is responsible for managing the risk. |
| Date Created | This column will display the date and time that you created the risk. The date and time use Coordinated Universal Time (UTC). |
| Consequences | This column will display the description of the risk's consequences. |
| Mapped Controls | This column will display the number of controls that are mapped to this risk. |
| Likelihood |
This column will display the Likelihood that is assigned to the risk. For information, see the Risk Likelihood and Impact section of our Risk Management Module Guide. Note: If you haven't selected a Likelihood for the risk, the Likelihood will default to Rare and this column will display 1.
|
| Impact |
This column will display the Impact that is assigned to the risk. For information, see the Risk Likelihood and Impact section of our Risk Management Module Guide Note: If you haven't selected an Impact for the risk, the impact will default to Low and this column will display 1.
|
| Inherent Risk Score |
This column will display the Inherent Risk Score for the risk. For more information, see the Inherent Risk Score section of our Risk Management Module Guide Note: If you haven't assigned a Likelihood and Impact to the risk, this column will display 1.
|
| Residual Risk Score |
This column will display the Residual Risk Score for the risk. For more information, see the Residual Risk Score section of our Risk Scoring Guide. |
| Category | This column will display the category that the risk is in. |
| Subcategory | This column will display the subcategory that the risk is in. |
| Tags | This column will display tags that are added to the risk. |
| Risk Status | This column will display the status that is selected for the risk. |
| Number of Mapped Requirements | If the risk is mapped to one or more controls and there are scoped requirements mapped to these controls, this column will display the number of scoped requirements. |
| Affected Asset | This column will display any affected asset information that you've entered for the risk. |
Deleting Risks in Bulk
If you no longer need a set of risks you can permanently delete them from your Risk Register.
To delete risks in bulk, follow the steps below:
- From your navigation panel, navigate to Risk Management > Risk Register.
- Select the check boxes next to the risks that you would like to delete.
- Click the Delete button.
- In the pop-up window that opens, enter DELETE into the field to confirm the deletion.
- Click the Delete button.
Comments
0 comments
Article is closed for comments.