Navigation

Risks

title: Risks sidebar_position: 10

Risks

On this page you can see the overview of all the risks. There are open and archived risks, where open risks are still active and existing risks and archived risks are not relevant anymore. The risks show:

  • ID number
  • Title
  • Year
  • đź“„: Number of Controls assigned to mitigate the risk
  • 🌍: shows the number of Assets assigned to the selected risk
Risks overview page

On the risks overview page you can see risk factors that can be low, medium or highly impactful on the company. We distinguish between 'inherent risk', i.e. the risk level before a risk is treated, and 'residual risk', i.e. the risk level after treatment of a risk.

  • Add Risk or Export Report with the blue buttons on the top right

    • Click "Add Risk" to add a custom risk relevant to your company. You can provide a name, a custom id, assigning an owner for this risk, and description of the risk.

    • Risks add risk

    • Click "Export Report" to download the whole list of risks to excel. This excel shows the risks custom ID's, names and status of associated Controls. It can be useful for enterprise risk management.

Risk Information

  • Risk title and ID.
  • R.IT reference code referring to the number of risks in the list. This custom ID is set by our Tidal library, but it can be any arbitrary value you want to set.
  • Number of Controls assigned to the risk.
  • Number of Assets assigned to the risk.
  • Assignee (owner of the risk).
  • Risk level indicators:
    • High (red)
    • Medium (orange)
    • Low (green)
    • Not set

Filtering and Sorting

  • Filter by:

    • Attribute, which can be custom assigned in the Assets
    • Assets linked
    • Controls linked.
    • Assignee (owner of the risk).
    • Oldest
    • Newest
    • Custom id (A-Z)
    • Custom id (Z-A)
    • Name (A-Z)
    • Name (Z-A)

    Clicking on a risk

Risks is divided into 4 tabs on the risk rating page:

  • Rating
  • Assets
  • Details
  • Feed

  1. When clicking on a risk you will be directed to the risk rating page and then you can perform a risk assessment. Here you assess what the inherent risk is, which means the risk in absence of Controls.

  2. Then you have to assess the residual risk, which means estimating the risk level after treatment (e.g. linking of Controls helps to reduce the risk).

  3. In the comments you can explain how and why you rated the risk a certain way. The Tidal AI can also help explain it for you based on the information on your organization that has been uploaded into the portal. The ai can generate a fairly accurate risk assessment for you and also in the correct format.

Risk rating

Treatment

In the treatment section you assess what you do with the risk. There are controls assigned that help deal with the risk and then you can provide comments for explanation. How it exactly works is written by us in the guide [What is a risk assessment?](/Guides/What is a risk assessment?)

Residual risk

Lastly, you perform the residual risk assessment. That means you assess the risk after the controls are implemented. The steps are the same as when you perform the risk assessment.

Risk rating residuel risk

Assets

In the assets tab you can link the assets to the specific risk. By doing this you know which assets are compromised by this risk. The risk will also be shown when you open the asset it is linked with.

Risk assets

Details

On the details page you can start providing relevant risk information.

  • Name: provide the name of the Risk.
  • Custom ID: provide the custom ID of the risk.
  • Valid from – to: enter the validity date to create a deadline for the risk to be resolved.
  • Risk appetite: refers to the amount and type of risk that you are willing to pursue or retain in order to achieve the company’s strategic objectives.
  • Attribute: provide attributes to manage, sort and organise the risks.
  • Description: Here you can write more information on the risk you want to share, such as risk scenarios.
  • On the right side you can see the status of the risk. When it is active it indicates that the risk is valid, meaning it falls within the “valid from” until “valid to” time period. It also shows if controls are linked, and those two criteria together determine if a risk is active or inactive.
  • In the details it shows extra information on the status.
  • In the controls it shows the controls assigned to solve the risk.
  • In owners it shows the owners of this risk.
  • In executors the owners can assign employee who resolve the risk.
  • In assessors the owners can assign who reviews the executor’s work.
Risk rating details

Feed

The feed shows what every contributor has done in regards to the risk.

Risk feed
Previous
Plans
Next
Assets