...
When a risk is evaluated for the first time (NEW evaluation), the system generates a separate risk evaluation that will inherit the selected tagged organizational elements and processes from its "mother", the risk itself. This action makes the work easier, but you should still check if the tagging is correct so that the outcome is correct. You can of course change them. Choose the correct probability and value for each relevant consequence axis. You must fill in at least one consequence axis.
You can choose whether you want to evaluate "Opportunities". This will make the positive scale 1-5 visible during evaluation.
You can also choose to set a "Desired situation". It activates a new matrix exactly like the current evaluation, but allows the user to enter a desired/target value. Over time, work must be done to close this gap.
For each consequence axis selection, you have to decide whether you can accept residual risk or not. If one is not checked, you must choose a solution with action at the end of the form - that is, what do you do with the rest of the risk/opportunity. To reduce risk and exploit opportunities, add measures and/or controls.
Evaluation of risks
See flowchart in a separate article on how to carry out evaluations in various places in the system.
Section 1 - meta information
...
Title
The system copies the title from the risk itself - can be changed if desired
Description
If desired, the evaluation can be described here in more detail: why, change, situation, project, is it a periodical evaluation, etc.
Next evaluation
The system automatically sets the next evaluation to one year in the future. Can be changed during evaluation.
Owner
The person who owns the risk is automatically entered here - can be changed.
Deputies
Here, those who are proxies in the risk itself are copied in - can be edited
Participants
Here, the participants from the risk itself are copied in - can be edited
Section 2 - Associated with
...