Risk Registers

Risk Register - Creating, Viewing and Deleting

Overview

Users can add Risks to survey answers whenever applicable. These risks along with their details such as the name of the System it is applicable to, the severity of the risk and so forth are added to an overall risk register.

The risk register is used to monitor different risks affecting different systems within the business. The information obtained from the survey answers about various systems, processes, functions etc can be used to create an overall register of risks. With this register, monitored risks can dealt with based on their severity, type of impact, likelihood etc.

How to add a new Risk to the Risk Register

Note: The only way to create a new risk is through survey answers

Log in to your Data Governance Tool account.
From the hamburger menu present on the top left corner of the Dashboard, click on Survey.
On the Survey page, ensure the Distribution View toggle is disabled.
On the Survey Data page, click the Analyse button against the survey whose answers with which you wish to create risks.
On the View Answer tab, from the drop-down menu, select one of the user groups to whom the survey was distributed
Here you can view the answers of the survey along with any notes or risks added to them.
Answers with Risks mapped to them will have a red flag present next to it as shown below.
To create new Risks, click on the toggle next to Risk Register
To view/create Notes, click on the toggle next to Notes.
Once Risk Register view has been enabled, you will be able to configure the risks and map them to the answers.
To add a new Risk, click on Add/View Risk Register
Search: With this, you can name/select the code of the risk you are creating.
You can either create a new risk by clicking +New
Or you can choose to add another iteration of an existing risk. You can search for the code of the risk you wish to create another iteration of by typing in the code in the Search for code box.
By clicking on +New, a new box will appear requesting details such as Risk Title/Name, Code, Risk Status, System Name, Severity Value, Severity Value Assessment Date, Risk Type, Risk Owner, Risk Description, Treatment Status, Controls in Place, Likelihood, Type of Impact, and Maximum Financial Impact.
Once you enter these details, you can click on Save to save the configured Risk.
Creating a new iteration - from the drop-down menu, choose an existing risk to add another iteration of it. For example, you previously created a risk and added the code -- RiskCC. If you select RiskCC from the drop, then the code of the risk being configured will be RiskCC1. This code name will be autogenerated. If the code you selected from the menu is PIA256, then the code of the risk being configured will be PIA257. In another case, if the code selected is PIA, and PIA1, PIA2 and PIA3 already exist, then the code of the new risk being configured will be PIA4.
The risk being configured, in this case, RiskCC1 will have all the configurations of the risk selected from the menu (here RiskCC) already set. However, they can be edited.
Select +New to create a new risk altogether. The risk configuration tab will open
Risk Title/Name: Type in a name for the Risk you are creating.
Code: Create a new code or make changes to the auto-generated code if needed
Once the code name has been validated, the following message will appear, and a green tick will appear beside the code name. This happens to ensure that there aren't 2 risks with the same code name
System Name: From the drop-down, select the Systems to which you want the Risk mapped. The System on the drop-down menu will be the Systems associated with the Survey Group. In other words, you can only map the risk to Systems that were selected while creating the survey group.
The Risks mapped to Systems will be visible on the DataMap. To view the Risks, go the System in question on the DataMaps module, on the System Details page, under the Tab -- Risk Mapping, the Risk Register Field will be available. Here you can view the risks mapped to this system.
DataMap > System Names > System > System Details > Risk Mapping > Risk Registers
Click the Risk to view its details on the System Details page
Severity Value: Set the severity value of the risk. The higher the number, the more severe the risk
Severity Value Assessment Date: Select the date on which the risk should be assessed.
Risk owner: Select a user to whom the risk is to be assigned
Risk Description: Provide a brief about the details of the risk here.
Treatment Status: From the drop-down set the priority of the risk as required. This risk can be treated based on the selection made here
Controls in place: Here you can enter the measures that are currently in place to combat/prevent such risks. For example, NIST or ISO controls.
Likelihood: Set the likelihood of the risk occurring.
Type of Impact: Provide the type of impact anticipated due to the risk identified
Maximum Financial Impact: Enter the expected financial impact of the risk.
Once the configuration has been completed, Click Save
Once the risk configuration has been saved, the following message will appear

Viewing the Risk Register

All risks created can be viewed and accessed from the Risk Register. The Risk Register provides a comprehensive view of all risks and their details in the form of a heatmap as well as in a tabular form.

From the hamburger menu, click on Risk Register
By default, the Risk Register page will display the risks in the form of a Heatmap graph.
Hover over the coloured blocks to see the risks included in that block. You can obtain the likelihood of the risk occurring and the severity of the risk by viewing this graph
Note: Clicking on any block will take you to the tabular view of the risks included in that block.

Grid View - Risk Register

Click on Show as Grid View to access the risks in a tabular form. Here you can view all the details of the risks such as their codes, owners etc.
Once a risk has been created, the Risk Status of that risk will automatically be displayed as Initiated.
The status of the risk can be changed as required by making a selection from the drop-down menu
Note: If Closed is selected as the status of the risk, then that risk will be moved to the Archived table as the per the configuration set on the Delete Configuration page. In other words, if the configuration is set for 2 years, any risks with the status - Closed, will be moved to the Archived table after 2 years from the date of closing.
Click on any risk to make modifications to it. Once you click on the risk, the following page will open from where you can edit/update the risk.
Click Save Changes to update the edits to the risk
Risks can be deleted by clicking the Delete icon on the row of the risk. Scroll to the right of the table to find the Delete icon.
Risks can be archived by clicking the Archive icon on the row of the risk. Scroll to the right of the table to find the Archive icon.

Archived Risks

Click on Archived to view the risks that have been archived.
This can happen either by manually clicking the Archive button on the row of the risk or by setting the status of the risk to Closed. Depending on the configuration time, risks with the status Closed will automatically move to the Archived table.
Here all the details of the archived risks will be visible, however no edits can be made to the risk from Archived table.
Note: Risks from the Archived table will be permanently deleted after a certain period of time. This period of time is determined by the configuration made on the Delete Configuration page. If for example, the configuration is set to 3 years, then the archived risks will be deleted automatically after being present on the Archived table for 3 years.
The configuration to delete depends on the Deletion Date of the risk. The Deletion Date is the date on which the risk was moved to the Archived table.
The Deletion Date can be found by scrolling to the right of the Archived Table
Risks can be made active again/ moved to the Risk Register table by clicking the Undo icon on the row of that risk. The Undo icon can be found by scrolling to the right of the Archived Table.
The contents of both tables -- Risk Register and Archived can be exported in an Excel or CSV format by clicking the Export button found at the top right of the table

Adding Notes to Risk Register

The Notes feature in Risk Register can be used to add comments/annotations, with the option to label the notes and mention the users in the notes.

Notes can be accessed for each risk register by following the steps below:

Go to Risk Register on the Data Governance Tool
Click "Show as Grid View" to see the risk registers in grid view
Select the Risk Register for which you want to add the Note
Go to the Notes tab
The Notes section shows the options for Filter and New Post
The Filter option allows you to filter the existing Notes based on the following criteria:
• Search Message and comments: Perform search using the keywords in the notes
• Created by: Search for notes created by a user
• Search Category: Search for notes based on their category
• Search Tags: Search for notes based on the Tags added to it
• Filter by Created Time: Search for Notes based on their date of creation, e.g., All, Last 5 Days, Last 10 Days, Last 30 Days.
The Reset Filter option at the bottom of the page allows you to reset the search criteria.

Creating a New Note

Click the New Post button under the Notes section
A new window will appear on the screen with the following options:

The Add a Post field is for adding the comments or annotations that you wish to share with the team.
Tip: You can mention a user in the notes by adding the symbol "@" followed the user's name. The Note will appear on the user's Dashboard, and they will also receive an email notifying them about the Note along with the link to access the Note.
The Tags option allows you to add tags/labels to a note.
Clicking on the X symbol on the top right corner will close the window and discard the Note
The Categories button allows you to assign a category for the note.

The available categories are:

Todo (denotes a task to be performed)
Important (marks the Note as "important")
Question (denotes that a question has been posted for the team)
Idea (denotes that an idea has been posted for the team)
Critical (denotes that the Note has been labelled as "critical")

Based on the Tag assigned to the Note, the symbol for that respective category will appear at the bottom of that Note.

For example, here we have created a Note with the comments "Test", tagged as "RR", and the category "Important", which has been denoted with the symbol for the same.

Text Description automatically generated

The Attach option allows you to add an attachment to the Note
After drafting the notes and making the necessary changes, click the Send button to post the Note

After posting the Note, you'll see the following options on the Note:

The Archive option performs soft deletion of the Note.
The Edit button can be used to make changes to the Note
The Delete button can be used to delete the Note

Delete Configuration

The Delete Configuration page is used for Risks under 2 situations

To determine when a risk marked as closed will move from the Risk Register Table to the Archived Table
To determine when the risk present on the Archived table will be permanently deleted.

To set the Delete Configuration, follow these steps.

Click on the Settings icon present on the top of any screen on Data Governance Tool
From the Settings drop-down, select Delete Configuration
The Delete Configuration page will open
Risk Register Archive: Here you can configure when the risks marked Closed (status set to Closed) will be moved to the Archived table. Type, in the Duration field, the number of years as per your requirement.
If the number you typed in the Duration field is 2, then risks marked closed will move to the Archived table after 2 years from the date on which it was marked closed.
Once the configuration has been made, Click the Save button against that configuration
Risk Register Delete Archive: Here you can configure when the risks present on the Archived table will be permanently deleted. The delete config duration will be counted from the Deletion Date. The Deletion Date is the date on which the risk was moved to the Archived table.
For example, If the number you typed in the Duration field is 4, then the risks on the Archived table will be permanently deleted after 4 years from the date on which it was moved to the Archive table.
Once the configuration has been made, Click the Save button against that configuration

TEMPLATES

To open Templates, click on the Risk Register from the Hamburger Menu.

Select "Show as Grid View"

Now, click on Templates, where you can find pre-existing Risk Register Templates.

To create a new template, simply click on "Add Template".

You must then, enter details similar to those you did in the Survey Data page when Adding Risk Register.

Should there be an Answer with relation to the New Risk Register; by entering the below details, it is automatically added to the Answer in the Survey.

Risk Category- From the drop-down menu, select between 4 options of priority- None, Low, Moderate, and High.
Answer Match Condition- Here, you must select the operation under which you would like to add the newly created Risk Register from the drop-down menu. For example, should you select 'Contains' from the drop-down menu, and enter 'Test' in the blank value next to it, the Answers consisting of the value has the New Risk Register added to them upon creation of Register. Similarly, with ExactMatch, it is an exact match of the value in the Answer.
Answer Match Values- Enter accurate details of Answer Match Values here. You may enter multiple values.
Choose a Save Condition option whether- None, All criteria satisfy, or Any criteria satisfy, finally click on Add.
All Criteria Satisfy- All of the entered match values along with the Answer Match Condition are satisfied.
Any Criteria Satisfy- Some but not all and in some cases, any of the entered match values relating to the Answer Match Condition is satisfied.
None- None of the criteria is satisfied in an Answer.