GuardianERM.Net Help       Table of Contents


Library - Risks

Module: Risk Management

Purpose: To provide real time information on risks that are selected according to user specifications.

To Access: Risk Management - Library - Risk.

In GuardianERM.Net, all risks are created and stored in a library. When performing risk evaluations of an organisation unit, the appropriate risks are selected from the library and attached to the organisation unit.

All the risks in the library are shown in the Risk List:

 

The Active and Inactive buttons show active and deactivated risks respectively. To search for a risk, enter the search text and click the Search button. The system will search both the name and description of risks for the search text.

To help finding the appropriate risk, the list can be filtered using the Risk Group and Risk Sub-Group filters.

In order to use this function, the risks created must first be grouped into Risk Groups and Sub-Groups. To assign a group and sub-group to a risk, select a group and sub-group from the dropdown list when creating the risk or modifying the risk:

To deactivate a risk, un-tick the Active box and save. Deactivated risks are not deleted, they can be viewed by clicking the Inactive button above the Risk List:


You can also export the risk library to an Excel file or import a risk library from an Excel file.

Note: The risks in the library are shared by all users of the system and may be attached to many organisation units (the organisation units using a selected risk are shown in the bottom panel). The system uses a unique system code  to identify a risk and for other items in the system to reference to. You must consider the overall effect on the whole system and other users when modifying a risk. For example, if a risk was originally the risk of fire damage to a building and after controls, audit procedures were attached and audits were performed you change it to the risk of fraud while all the other data remain the same, say, the control of testing fire protection equipment regularly will become meaningless for the risk of fraud.

As a general rule, never change the name or description of a risk except to correct spelling and grammatical errors.

If a risk is not applicable any more do NOT replace it with a new risk. Deactivate the risk and create a new one instead.

You may change the group and sub-group of a risk without affecting other parts of the system.