When working with risk evaluation

When a risk is evaluated for the first time (NEW evaluation), the system generates a separate risk evaluation that will inherit the selected tagged organizational elements and processes from its "mother", the risk itself. This action makes the work easier, but you should still check if the tagging is correct so that the outcome is correct. You can of course change them. Choose the correct probability and value for each relevant consequence axis. You must fill in at least one consequence axis.
You can choose whether you want to evaluate "Opportunities". This will make the positive scale 1-5 visible during evaluation.
You can also choose to set a "Desired situation". It activates a new matrix exactly like the current evaluation, but allows the user to enter a desired/target value. Over time, work must be done to close this gap.
For each consequence axis selection, you have to decide whether you can accept residual risk or not. If one is not checked, you must choose a solution with action at the end of the form - that is, what do you do with the rest of the risk/opportunity. To reduce risk and exploit opportunities, add measures and/or controls.

Versions Compared