Risk Assessment
What is a Risk Register?
The Risk Assessment in RiskOps provides organizations with a standard methodology for performing a risk assessment. This process provides a structured approach to identifying, analyzing, and prioritizing risks within their IT systems, data, and operations. This digital assessment process replaces disjointed methods and manual analysis with an efficient, automated system designed to evaluate risks comprehensively and consistently.
Performing a thorough Risk Assessment is critical for building a proactive risk management strategy. This process helps organizations uncover vulnerabilities, assess potential impacts, and determine the likelihood of threats materializing. RiskOps simplifies this process, ensuring that assessments are not only accurate but also actionable.
Risk Assessment Requirements
Before your team can perform a Risk Assessment in RiskOps, you must have the following:
You must have one or more active assets in your RiskOps Asset Inventory.
You must have one or more active risks in your RiskOps Risk Register.
Risk Assessment Recommendations:
You can run a risk assessment at any time. Consider running a new assessment when significant changes occur within the organization, structure, or IT environment.
You may consider adding a “Control Detail” and “Risk Mitigation” to all risks you plan to evaluate in the risk assessment, since these values will be required during the assessment process.
You should consider adding all applicable assets and risks to an assessment scope (all assets and risks for the project, environment, or organization, etc.) rather than cherry-picking the highest/lowest assets/risks, as this will lead to a more valuable assessment report.
You may consider inviting other users/team members to participate in parts of this risk assessment.
How To Perform A Risk Assessment
Log in to RiskOps
Navigate to “Risk Assessment” on the left sidebar
Click the “Start New Risk Assessment” button in the top right of the page.
Note - You can only perform a single risk assessment at a time. If you have previously started a risk assessment and have not yet completed it, click “Continue Risk Assessment” to resume the process.
The RiskOps application will save your steps in the risk assessment as you complete them.
Step 1 - Select Assets
After starting a risk assessment you will be prompted to select Assets in scope for the assessment.
Note - You must have one or more Active Assets in your Asset Inventory to conduct a risk assessment.
Select assets applicable to the current risk assessment
You can page through assets and/or use the search bar to find specific assets to include in an assessment.
You can select individual assets by using the checkmarks next to each asset on the left side.
You can select all assets for a specific page by clicking the “Select All on Page” button on the top left.
Review all selected Assets and confirm that the data is accurate.
You may edit assets as needed on this page of the assessment by clicking the “Edit” button next to the Asset.
Once the applicable assets have been selected, click the “Select Risks” button in the top right to move to the next step.
You must have at least one asset selected to move to the next page.
Step 2 - Select Risks
After completing Step 1 and selecting assets, you will be taken to a page to select Risks in scope for the assessment.
Note - You must have one or more Active Risks in your Risk Register to conduct a risk assessment.
Select risks applicable to the current risk assessment
Note - RiskOps will automatically select all risks that are “associated” with assets you have selected in Step 1. You may “deselect” these risks if needed by unchecking them.
You can page through risks and/or use the search bar to find specific risks to include in an assessment.
You can select individual risks by using the checkmarks next to each risk on the left side.
You can select all risks for a specific page by clicking the “Select All on Page” button on the top left.
Review all selected Risks and confirm that the data is accurate.
You may edit risks as needed on this page of the assessment by clicking the “Edit” button next to the Risk.
Once the applicable risks have been selected, click the “Risk Assessment” button in the top right to move to the next step.
You must have at least one risk selected to move to the next page.
Step 3 - Risk Assessment
After completing Step 2 and selecting risks, you will be taken to the Risk Assessment portion of this assessment process.
On this page you will be shown all Risks in scope for this assessment as well as related Control Detail and Risk Mitigation Strategies for each risk.
Review the Risks displayed on this page. You may see all details for a risk by clicking “Show Details” next to the Risk.
If a Control Detail is missing for any listed risks, please add it to the associated risk by clicking the “Add Control Detail” button.
If a Risk Mitigation is missing for any listed risks, please add it to the associated risk by clicking the “Add Risk Mitigation” button.
Once you have reviewed all risks and confirmed that the data is accurate, click the “Review & Complete” button in the top right corner.
Note - You must have a Control Detail and a Risk Mitigation attached to ALL risks listed in this risk assessment to move to the next step.
Step 4 - Review & Complete
After completing Step 3 and going through the risk assessment, you will be shown a preview of your risk assessment report and general metrics.
You can see a preview of your risk report on the page.
You will see the number of risks classified as Low, Limited, Moderate, Considerable, and High.
You will be shown Inherent Risk, Control Adjusted Risk, and Residual Enterprise Risk scores (from 0 to 25).
Further details on these metrics will be included in the final assessment report.
When you are ready, you can click the “Complete Assessment” button in the top right of the page.
Note - After you complete an assessment, you will not be able to go back and edit any of the previous steps.
Enter the name of the person completing the report and any final notes (this will appear in the PDF report).
Click the “Complete Assessment” button to finish the assessment process.
Assessment Results
After you have completed the full Risk Assessment process (including Steps 1-4), you will see the latest Risk Assessment results.
You can view the Risk Assessment PDF Report by clicking the “View Risk Assessment” button next to the latest risk assessment.
You can download the Risk Assessment Details Excel (XLSX) file which includes a listing of all Assets and Risks included in the scope for the risk assessment.
Your team can use this report to see risk scores, calculated financial risk, and assets/risks by category. These insights can help your team see the most prominent risks within the organization and determine next steps for remediation.
As you make improvements or modifications to assets, risks, and controls within the organization, you may perform this risk assessment process periodically to see how the risk profile for the organization has changed.