Risk management

The updated risk management module in the platform

This support article will help you understand the key features, configuration options, and steps to get started with managing risks in the 3rdRisk platform. If you have any questions, please check the video explainer, which provides a very thorough explanation of this module.

Key features

  • Seamless Integration: The Risk Management Module is fully integrated with the other platform modules, such as Issues, Action Plans, Business Ecosystem assessments, and Internal Control.
  • Customisable configuration: Configure the module to align with your organisation’s strategy, processes, and risk taxonomy.
  • Multidisciplinary approach: Assign roles and collaborate across departments using a single tool.

Step 1: Setting up access rights

To begin configuring the module, ensure the correct access rights are assigned:

  1. Navigate to Configuration > Roles.
  2. Select the necessary roles that need to configure this module within your organisation (e.g., Admin, Risk Officer, Risk Manager).
  3. Enable Risk Register and Risk Management Settings.
  4. Assign access levels (e.g., Create, Update, Archive, Delete).


Step 2: Configuring the module

The Risk Management module is highly customisable. Configure it according to your organisation’s needs.

Access risk management settings:

  • Go to Configuration > Risk management.

Define risk domains

Create and categorise your risk domains to match your organisation’s structure:

  1. Go to Configuration > Risk Domains
  2. Add domains like IT Security, Privacy, Sustainability, or any other relevant categories.
  3. Assign owners and roles to each domain for accountability.

Configure strategic objectives

Align risks with your organisation’s strategic objectives:

  1. Define objectives like "Increase Revenue" or "Cost Optimisation."
  2. Assign ownership (e.g., CFO for financial objectives).
  3. Use this feature for streamlined reporting and board-level conversations.

Define risk levels and objects

Set up the hierarchy of risks and associated objects:

  1. Define risk levels (e.g., Strategic, Tactical, Operational) to match your organisation’s structure.
  2. Associate objects (e.g., Applications, Assets) with specific risks.
  3. Use default settings as a starting point and customise as needed.

Manage risk measures

If you’re not using the Internal Control module, you can define default measures (e.g., MFA, Security Awareness, Data Encryption) to mitigate risks.

These measures act as controls but do not include testing capabilities.

Link measures to risks directly in the risk module.

Customise impact categories and policies

  1. Define impact categories and insurance policies to manage risk transfer.
  2. Configure scoring labels (e.g., Low, Medium, High) including the colour codes for likelihood and impact levels.
  3. Customise your risk matrix with tailored scoring and colour coding.


Step 3: Configure the risk matrix

The Risk Management matrix is customisable. Configure it according to your organisation’s needs.

Access risk matrix settings:

  • Go to Risks and click on the configuration icon
  • Configure what the risk matrix will display by default:
    • Residual risk scores
    • Inherent risk scores
  • Configure the risk matrix size:
    • 4 x 4
    • 4 x 5

Step 4: Register a new risk

The risk module provides a streamlined way to manage your risks.

  1. Click on + Add risk

The risk process in 3rdRisk is based on industry standards such as ISO 22301, COSO ERM, NIST and others.

Key steps in the risk modal

  • Identification: Define the risk title, description, and objectives.
  • Assessment: Evaluate likelihood, impact, and mitigation measures.
  • Treatment: Specify actions like mitigation, acceptance, or avoidance.
  • Monitoring: Schedule regular evaluations and link to action plans.
  • Communication: Use in-app tools for updates and collaboration.

Contextual tabs in the risk modal

Once you have successfully registered and saved a risk, click on edit risk to access the following additional options:

  • Action Plans: Link specific action plans to mitigate risks effectively.
  • Related Risks: Define and link related risks for better context and management.
  • Document Management: Attach supporting documents, such as workshop notes or risk assessments.
  • Communication Tools: Chat with risk owners and officers, and log updates in notes for transparency.

The Risk Management Module is designed to provide flexibility, customisation, and integration, making risk management efficient and aligned with your organisation’s goals. If you have any questions, please check the video explainer, which provides a very thorough explanation of this module.