1. Using Financial Reporting Compliance
  2. Create or Edit a Risk

Create or Edit a Risk

As you create a risk, name it and describe it. Optionally select an analysis or context model, select perspective values that set the risk in context, or relate it to controls that address the risk.

Use either of two methods to open the page to create a risk.

  • Select the Create Risk quick action from the Risk Management springboard. (Depending on the number of quick actions available to you, you may need to select a Show More option on the springboard.)
  • In the Risks work area, select the Risks tab. Then select the Create icon.

To edit a risk, select the Risks tab, select the row representing a risk, and select the Edit icon. Or, click the name of a risk and, in a page to view details about it, click Actions > Edit Definition.

As you work with the risk:

  1. Enter or modify required values.

    • Create a name.
    • Accept the default status, Active, or change it to Inactive.

  2. Optionally, enter or modify additional values that define the risk further.

    • Write a description. Along with the name, this may in effect define what's risky about the risk you're creating. The name, for example, might be "Duplicate Payments," and the description might be "Errors in the handling of invoices may result in duplicate payments to suppliers."

    • Select a context or analysis model, if you intend for users to perform evaluation or analysis against the risk. (Once a user performs an analysis or evaluation, you can no longer edit the corresponding model selection.)

    • Select a type. Your organization can use the lookups feature, available in the Setup and Administration work area, to create its own type values (see Manage Lookups).

    • Enter comments, if any are germane.

    • Attach documents to add detail to the definition of the risk (see Attach and View Documents).

    • In the Perspectives panel, select perspective values appropriate for the risk (see Select Perspective Values in Financial Reporting Compliance).

  3. Optionally, select events that apply to the risk you're creating.

    • Expand the Events and Consequences panel and click add.
    • In an Add Event Consequence to Risk page, search for and select one or more event records. You can use the Ctrl or Shift key to select a discontinuous or continuous set of records. (You must create the events you want to select before you add them to the risk.)
    • Click Done (an icon that looks like a less-than symbol) to return to the create or edit page.

    You relate consequences directly to events, and so only indirectly to risks. When you select an event for a risk, the risk inherits any consequences related to the event. You can't relate a consequence directly to a risk.

  4. If descriptive flexfield segments have been defined for the Risk object, these appear as fields in an Additional Information panel. Provide values for these fields.

Relate Controls to the Risk

While you create or edit a risk, you can relate controls to it, to indicate that those controls address the risk. (You must create the controls you want to select before you add them to the risk.)

You can use a Related Records panel in the page to create or edit a risk. As you do, you can designate each control either as primary or as subordinate to a primary control. You can also set stratification values, which define the roles that the controls play in addressing the risk.

Instead, you can select related controls as you create or edit a treatment plan for the risk. In fact, if you select related controls for the risk itself, those controls are also added automatically to the current in-use treatment plan, or to a default plan if you've not yet defined an in-use plan. The procedure to select related controls is the same no matter whether you add them directly to the risk or to a treatment plan (see Select Related Controls).

The Definition tab of the risk record also includes a Related Records panel. Expand it and click its Control tab to view controls selected for the risk. However, it displays only the controls belonging to the current in-use treatment plan. If you're authorized for any of these controls, its name is a link to its record. (You can also click a Process tab to view processes for which the risk has been selected as a related object.)

Secure the Risk

You can authorize other users to work with the risk only after you create it. Save it or submit it, and the create page changes either into the edit page or into the completed record of the risk. These pages, unlike the create page, display a Security Assignment button; click it to authorize users' access to the risk. (See Secure Records in Financial Reporting Compliance.)