Overview of Risk Register

Overview of Risk Register

The ComplyAssistant Risk Register allows you to track and manage security Threats and associated Controls across your organization. You can register a series of system-defined Threats and Controls or add and register your own.

In order to access the Risk Register, you must either be an Administrator or assigned a User Group with the Risk Register function. To manage Threats and Controls in the register, you must also be assigned the Threat and Controls Admin function.

Threats come with Inherent Risk Levels to your organization. This is calculated by degree of Impact and its Likelihood of occurring. We suggest Inherent Risk Levels, but you have the ability to modify them.

Controls come with a Likelihood Reduction Value which has the power to reduce a Threat’s Inherent Risk Level. You can assign a Control to one or more Threats. You can also assign more than one Control to a single Threat.

You can see the impact that Controls have on a Threat by viewing the Threat’s Residual Risk Level. The lower the Residual Risk, the better the Controls are at mitigating the Threat. 

Once you register a Threat, it appears on the Registered Threats table of the Risk Registry. Similarly, Controls appear under Registered Controls after being registered.

For a complete list of Threats that have and have not been registered, go to the Threat Library within Account Settings. Similarly, all Controls can be found in the Control Library.

The Risk Register aims to help you manage and reduce the overall risks associated with your organization. Risks can seldom be eliminated entirely but can almost always be reduced in scope or impact based on the Controls you implement.

    • Related Articles

    • Overview of Risk Map

      The Risk Map charts your Registered Threats based on their Inherent Risk factors: Likelihood and Impact. The Y axis represents Impact. The X axis represents Likelihood. For example, below are 3 Registered Threats with High Impact that are expected to ...
    • Add a Control to the Register

      Register a Control so that you can quickly view and track it under Registered Controls on the Risk Register. Navigate to the Risk Register at the top. On the right hand side, select Add Controls to Register. This will open a modal that displays all ...
    • Add a Threat to the Register

      To start managing Threats in ComplyAssistant, navigate to the Risk Register at the top. On the right hand side, select Add Threats to Register. This will open a modal that displays all of the Threats in Account Settings: system-defined and custom. ...
    • Overview of Tasks

      To access all existing tasks, click the Task menu at the top of the page. Task Groups ComplyAssistant organizes your tasks in task groups. These are either user-made groups or groups made by ComplyAssistant to organize tasks around other compliance ...
    • Overview of Assessments

      To create your first assessment definition, your account must have at least one question library. Contact ComplyAssistant if you want to use a system-defined question library. Types of Assessments There are several types of assessments. Internally ...