Create risk

You can create risks centrally in the Risk Management app or in the context of a process in the Portal. There are two categories of risks:

  • Process risk: Risk that occurs or can occur within a process.

  • Corporate risk: Risk that occurs or may occur enterprise-wide or in a business unit other than processes.

Instruction:

  1. In the Portal, open the process for which you want to create a risk

  2. Create a new risk via the context menu:

OR:

  1. Open the Risk Management app as described under Risk Management in the Portal

  2. On the Risk Management homepage, click the Create process risk or Create corporate risk quickstart:

  3. Enter the data for the risk in the dialog and create the risk. You can further configure the risk via the properties:

    Property Description
    Risk information
    Label Enter a name for the risk here.
    Valid for Reference a scope in which the risk is valid.
    Description Enter a description of the risk.
    Associated business risk Reference a corporate risk here that is related to the risk.
    Insurable Enable this feature if the risk can be covered by insurance.
    Process reference Reference one or more processes in which the risk occurs or may occur. If you create the risk directly via a process, the process is already referenced here.
    Risk type

    Select a risk type:

    • Participation

    • Operation

    • Energy

    • Information security

    • Infrastructure

    • Market

    • Quality

    • Environment
    Risk category The category of the risk is stored here. In this property you can change the risk category from process risk to corporate risk or vice versa.
    Responsibility Reference a user or employee who is responsible for the risk.
    Risk assessment GROSS and NET
    Occurrence probability

    Select the probability of the risk occurring.

    • GROSS: if the risk is not treated.

    • NET: when controls and tasks are created for the risk that mitigate the risk.
    Damage potential/amount

    Select the damage the risk could cause.

    • GROSS: if the risk is not treated.

    • NET: when controls and tasks are created for the risk that mitigate the risk.
    Risk class The calculated risk class into which the risk has been classified is displayed here. The risk class is calculated on the basis of the selected probability of occurrence and the damage potential.
    Reasons for the assessment Here you can enter a reason for your selected risk assessment.
    Further information
    Controls to be executed Reference one or more controls that will be implemented to prevent the risk.
    Reasons for archiving If you have archived the risk, you can enter a reason here.
    Business Unit Reference an organizational unit in which the risk occurs or may occur, or for which the risk is relevant.
    Tasks Reference one or more tasks performed to manage and control the risk.
    Attachment
    File upload / attachment Here you can attach a file.

Next steps:

You can create a risk task or control in the next step and have tasks created automatically for this control.