Catalog risks and controls
In
you can create the catalogs, or inventories, of risks and the controls to mitigate them. After these risks and controls are stored in
, you can associate them with other components of
such as IT Processes and Governance Objectives.
- A Risk is something that could have a negative impact on the effectiveness of an IT Process that has been identified in the .
- A Control is a collection of manual or application processes, workflows, and tests that is put in place to mitigate an identified Risk.
- A Control Objective is a targeted goal that is created in response to an identified Risk associated with an IT Process.
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*