Setup Risk Configuration

This guide will walk you through the process of configuring the Risk Configuration in RiskRecon and illustrate how it can be effectively utilized within your organization.

You will find the Risk Configuration tab under the System Administration that is nestled under "My Account":

Within the Risk Configuration we are able to change the Risk Relationships (also called Risk Folders within the user permission tab) and we can change the Inherent Risk Rating Scheme.

TABLE OF CONTENTS

Setup Risk Configuration

• Risk Relationships
• Inherent Risk Rating Scheme

Risk Relationships

Risk Relationships can be used in several ways, these are in essence folders under which you will be able to put the vendors. Within all those Risk Relationships you will see the Inherent Risk Rating Scheme.

Some example's of how to best utilise this feature is to give every business unit that uses vendors/3rd parties a separate Risk Relationship folder. This way you can analyze the risk from the vendors/3rd parties per business unit and also roll up the risk to the total company risk portfolio. 

Another way would be to separate the Risk Relationship per services/goods that these vendors/3rd parties provide to the organization. So we could have a Risk Relationship for all SaaS based solutions that are used within the organization, a Risk Relationship for all Hardware vendors/3rd parties and a Risk Relationship for Consultancy companies that provide services to the organization.

There are many uses possible for the Risk Relationship feature and you will have to decide what fits best for your organization and the use case. If you need assistance or advice on this topic don't hesitate to contact us.

To edit these Risk Relationships press the edit button and click Add Relation, in this menu you can also adjust the names or remove the relationships entirely. If you made all the necessary changes do not forget to click the safe button:

Once the Risk Relationships are configured you will be able to assign them to you users via the User Administration tab (also covered in our "Setup Guide to Add, Modify & Remove users". By default all new Risk Relationships will be added to all users.

If you want to filter within your dashboard on Risk Relationships you can use the Dashboard Filter option to select the Risk Relationship you want to filter on:

Inherent Risk Rating Scheme

The Inherent Risk Rating Scheme will affect the way you will categorise your vendors/3rd parties. Most organization will have some sort of scheme already in place. RiskRecon by default will come with a 4 stage Risk Rating Scheme; Enterprise Critical / High / Medium / Low.

Changing the Risk Rating Scheme will also change the Vendor Priority Matrix on the Dashboard:

You can change the dimensions of this scheme by clicking the edit button and click the "Add Configuration" button, you can also change the names of the Risk Categories or remove them. By default every newly added risk category will have the lowest priority setting. You can set up to a maximum of 6 risk categories.