The Risk Management Module will allow Users to create, associate, mitigate, manage, and report on Risks all through Ostendio 3.0.
How to Create A New Risk:
1. Enter the Risk Management Module and click on the orange plus sign in the upper right-hand corner .
2. Fill out the Risk Details including the Risk Classification, Risk Level and Score, and Access Control. You will notice certain fields marked with a Red asterisk. These are required fields. For the Risk Level and Scores, a score will be applied based on the selections chosen from the drop-down fields.
3. Add any items to be associated and linked with this Risk.
Mitigations:
To create a Risk Mitigation, toggle to the Mitigation Dashboard and "+Add New Mitigation"
Complete the Mitigation Fields
*Note* The mitigation can be applied to selected or ALL items linked to the Risk.
Create Sub-Mitigation Tickets
Sub-mitigation tickets need to be created and assigned to Users as their Owner. Think of the sub-tickets as the actions that need to be taken in order for the mitigation to take effect. These sub-tickets will have to be closed in order to close the original Mitigation Ticket.
*Note* The mitigation will only be applied to the Risk Level and Score after the original mitigation ticket has been closed
Risk Register:
This will be displayed in the "Manage Risks" dashboard of the Risk Management Module. Leverage the Risk Response View as the Risk Register. This register allows Users to track the Risks, their likelihoods, impacts and additional details, as well as the status of each item associated with a Risk.
This register can be exported at any time to create reports. It can and should be used as a source of truth for any Risk Management Program.
What is Acceptable Risk/Unacceptable Risk?
Acceptable Risk in Ostendio is defined as when the current risk score is less than or equal to the score of the Target Risk.
Unacceptable Risk in Ostendio is defined as when the current risk score is greater than the score of the Target Risk.