Enterprise Risk Management
Closely aligned with the risk management process from ISO 31000, Abriska® 31000 was designed to provide organisations with an intuitive tool for assessing and managing all types of risk from different functions and departments.
Its purpose is to ensure that risk management is an integral part of management and governance, is embedded into the culture and practices, and is tailored to the needs of an organisation.
You will find that the configuration options differ from those within the RA Management for the Information Security 27001 module.
ERM Setup
The links listed below contain information on setting up the risk management module. The 'RA Setup''Configuration' page within Abriska can be reached by selecting ‘Risk Analysis’Assessment’ then selecting 'RA Setup'Management' from the sidebar on the organisation home.
- Risk Appetite
- Risk Strategies
- Risk Categories
- Risk Register
- Risk Statement
- Risk Scores
- Risk Strategy
- Risk Actions
Creating a new Risk
To create a new risk, follow these steps: Risk Assessment > Risk Register > Create new Risk
Option 1: Identify Risk
Used to identify a risk with a description, to then be assessed by the Org Admin.
Option 2: Identify and Analyse Risk
Used to identify and assess a risk to the business, filling in the following information. You must select the Category first; this will then generate a Risk Reference.
Depending on what category is selected, there may be a prompt to select which controls help to mitigate this risk.
The final step in adding the risk is to evaluate the inherent (level with no controls in place), residual (current level) and target (expected level) risk.
Risk Register 31000 ERM