Risk Appetite settings:
Today we set a “Risk Appetite” value that is applied to all three types of risk.
Based on this number, when we create a risk we get a warning while calculating the risk (if the risk score is above that setting)
and once saved, a “Status”.
The status can be filtered using filters.
We need to change things a little bit, the idea is that the typical matrix used by many people to categorized risks (against their risk score or / and residual score) can be best resembled.
We want to change things:
1/ The risk appetite settings will have two types:
This needs to be changed to a modal (window popup), with two tabs. The first tab called “Integer Value” we leave what we have now, a checkbox ticked by default indicates that this is the default operational mode.
A second tab needs to be shown, called “Threshold” in which the user can select one or more combinations of their classification (Risk Management / Asset Risk Management / Settings / Classifications) settings.
More than one classification type must have been defined for this option to be available, otherwise display “This setting can not be used until you define more than one Risk Classification “Type””
The user is allowed to select up to two classification types from a multiple choice dropdown. We do something similar with risk calculation methods.
then the user is allowed to define “Thresholds”
- one item from each classification “type” (in the example above, it would select one from likelihood and one from impact) and for this combination define a “Short Title”, “Description” and “Colour” (user defines html colours)
- “Default” “Title” and “Colour”
So if their classification (Risk Management / Asset Risk Management / Settings / Classifications) looks like the screenshot below:
They could define:
- They want to use likelihood and impact as “Types” (the others would not be selected on the drop down)
- They define:
- Likelihood “High” and Impact “High”, title “Atomic Bomb”, colour “Red”, description “This is really bad”
- Likelihood “High” and Impact “Medium”, title “Nitrogen Bomb”, colour “Red”, description “This is not good”
- Default setting is, title “All good”, colour “Green”
When you save this setting you need to be careful:
- if “Integer Value” is selected, you need to show index / filters correspondingly.
- if “Thresholds” is selected, you need to show index / filters correspondingly.
If thresholds" settings are selected, then you add / edit a risk and on the “analysis” tab in the modal you show a warning that includes a text:
$riskThresholdTitle: $riskThresholdDescription … all that on the colour that applies. If the combination selected does not match a threshold, then you show the “Default” stuff.
in the “treatment” tab, you show the same warning:
Note: you dont show the “warning” of numerical exceeded, etc. At the bottom of the “treatment” tab then you dont show anymore the percentage scales.
You need to show the exact same thing as you show on the “Analysis” tab, the classification of the risk.
When the risk is saved:
Instead of the usual two values you show the two values and the “Threshold” that applies to one and the other (Risk Score and Residual Risk Score) and the value and the colour.
NOTE: dont forget to update PDF Exports
“Risk above appetite” status is not shown any more. On the filters, the following options are also not shown:
And you add to filters two options on this two tabs called “Risk Threshold” where you list all possible defined thresholds.
The idea is the user can filter risks by their thresholds. The “default” filter for risk section (from dashboards seem to include risk score and residual … if “Threshold” is selected, it should also show the threshold for “Risk Score” and “Risk Residual”.