GRC Rehaul

Get Started. It's Free
or sign up with your email address
Rocket clouds
GRC Rehaul by Mind Map: GRC Rehaul

1. Manage Risks

1.1. Create Risks

1.1.1. Request Risk Identification

1.1.1.1. Send Risk Identification Questionnaire

1.1.1.1.1. Notify Risk Identification Questionnaire Participants

1.1.1.1.2. Send Risk Identification Questionnaire Directly

1.1.1.1.3. Plan Risk Identification Survey

1.1.1.2. Complete Risk identification Survey

1.1.2. Create Risks Directly

1.1.2.1. Create Unique Risk

1.1.2.2. Avoid Duplicate Naming

1.1.2.2.1. Offer Preview of Duplicate

1.1.2.3. Validate Risks

1.1.2.3.1. Submit Risk for Validation

1.1.2.3.2. Notify Risk Submitter of Validation

1.1.2.3.3. Notify Risk Submitter of Rejection

1.1.2.3.4. Notify Risk Validator of New Risk

1.2. Describe Risks

1.2.1. Search Risks

1.2.1.1. Search Risk by List Filters

1.2.1.2. Search Risk by Search bar

1.2.2. Specify Risk Strategic Importance

1.2.2.1. Specify Key Risks

1.2.2.2. Specify Objectives affected by Risk

1.2.2.3. Specify regulatory Requirements affected by Risks

1.2.3. Taxonomize Risks

1.2.3.1. Create Risk Typology

1.2.3.1.1. Import Risk Typology

1.2.3.1.2. Create Risk Typology Manually

1.2.3.2. Specify Risk Types for Risk

1.3. Contextualize Risks

1.3.1. Assign Risk Ownership Directly

1.3.1.1. Specify Responsible for whole Risk

1.3.2. Assign Risk Ownership Via Context

1.3.2.1. Specify Multiple Risk Context

1.3.2.2. Specify Unique Risk Context

1.3.2.3. Specify Responsible for Risk Context

1.4. Assess Risks

1.4.1. Assess Risks Directly

1.4.1.1. Assess Overall Risk Level Directly

1.4.1.2. Assess Risk Level for a Specific Context

1.4.2. Request Risk Assessment

1.4.2.1. Send Risk Assessment Questionnaire

1.4.2.1.1. Send Risk Assessment Questionnare Directly

1.4.2.1.2. Notify Risk Identification Questionnaire Participants

1.4.2.1.3. Plan Risk Assessment

1.4.3. Define Risk assessment conditions & criterias

1.4.3.1. Define Risk Assessment values

1.4.3.2. Define Information to present during Risk Assessment

1.4.3.2.1. Define which context description to display

1.4.3.2.2. Define which mitigation information to display

1.4.3.2.3. Prepopulate risk assessment with previous assessment values

1.4.3.3. Define if Risk assesment can be delegated

1.4.3.4. Define if risk assessment is overall or contextual

1.5. Treat Risks

1.5.1. Define Risk Treatment Method

1.5.1.1. Define Risk Mitigating Controls

1.5.1.1.1. Define Control Criticality In Risk Control System

1.5.1.2. Define Risk Reducing Action Plans

1.5.2. Set Risk Apetite

1.6. Analyze Risks

1.6.1. Analyze Risk Assessments

1.6.1.1. Analyze Overall Risk Assessment

1.6.1.1.1. Analyze Risk trend

1.6.1.1.2. Aggregate Risk Rating for multiple context

1.6.1.1.3. Risk Heatmap (based on aggregation or overall rating)

1.6.1.2. Analyze Contextual Risk Assessment

1.6.1.2.1. Aggregate Risk level by Context

1.6.1.3. Choose Risk Assessment criteria for analysis

1.6.2. Ensure Risks Are Under Control

1.6.3. Prioritize Risks

1.6.3.1. Analyze Root Cause

1.6.3.1.1. Specify Risk Causality

1.6.3.1.2. Specify Incident Materializing Risk

1.6.3.1.3. Analyze Root Cause mitigation efficiency

1.6.3.2. Analyze Risk Taxonomy

1.6.3.2.1. Analyze Risk Mitigation effectiveness by risk types

1.6.3.2.2. Analyze Incident distribution by risk types

1.6.3.3. Analyze Risk Strategic Importance

2. Manage Controls

2.1. Create Control

3. Manage Incidents

4. Perform Internal Audit

5. Achieve Regulatory Compliance

6. Manage IT Risks

7. IRM Audit Desktop Review

8. BPA Light

9. IRM Contributor Review

10. IRM offline

10.1. Audit offline

10.1.1. Workpapers

11. Assessment Aggregation Engine

11.1. ERM Risk level Indicator calculation

11.2. User level questionnaire builder

11.3. Metamodel inconsistencies

11.3.1. Risk Direct assessment

11.3.2. Control Direct assessment

11.3.3. Controls to Rsiks

11.3.4. Control level and criticality

11.3.5. Aggregation caculation of risk level

11.3.6. macro for calculation and storage of risk level values

11.3.7. calculation upon scheduler (log out) or upon closure of assessment campaign/direct assessment?

12. Indicators

13. Integration UCF