Managing Risk “Causes”
What are Causes?
Causes are underlying uncertainties that could lead to the risk materialising. There are also referred to as “Risk Drivers” or “Risk Factors“.
Causes are a great way to increase the granularity of a risk without having to create separate risks. Controls can assigned to each Cause and the effectiveness of the controls environment is used to highlight areas of concern for management when they are updating their risk assessments.
How to manage Causes?
For a given Risk, Causes can be managed in the Risk Cards page.
Find the “Basic Informations” card on the risk cards page for the risk you would like to add causes to.
At the bottom right of that card there is a “+ Cause” button that can be used to add and manage causes for that Risk.
On pressing the “+ Cause” button a pop-up appears with three tabs: Add New, Edit Cause and Select.
SELECT: This tab provides an option to manage the causes that are mapped to the current risk. Use the combo-select box to assign the causes from the existing library by moving the cause from the left box to the right box.
EDIT CAUSE: In the Edit Cause tab, search and select the cause you want to edit. Once selected, scroll down and update the Cause title, related entities, teams and assigned controls. Note that multiple entities and teams can be assigned to a cause. Don’t forget to click UPDATE to save your changes.
ADD NEW: In the Add New tab, simple define the Cause title and assign entity(ies), team(s) and controls. Note that multiple entities and teams can be assigned to a cause. Don’t forget to click ADD CAUSE to save your changes.
Once a new cause is added, the pop-up will automatically move to the Select tab, showing the new cause in the “Assigned Causes” box.
To close the pop-up, simply click anywhere outside the pop-up or click “Exit“.