5 Entity Risk Profiling > 5.2 RISK DOCUMENTATION (Capturing Risk Data)

Having set up an Entity in the database we are now ready to capture data about each potential risk confronting the Entity and the various elements of the business that could be at risk. Sufficient detail is captured to clearly explain what is at risk, how much and the possibility of the risk occurring if no controls were present. This addresses three more of our “Eight Facts of Business Life”:

Fact 1

“You can’t evaluate control unless you understand the risks”

This requires us to determine the ways in which an organisation might be subjected to risk

Fact 2

“The quantity/size/value/volume of the attribute at risk varies”

Fact 3

“If there are no controls in place it doesn’t mean that the risks will occur – there are degrees of probability”.

Most of the data capture exercise may well be done in a workshop environment designed to accept input from a broad cross-section of the organisation. The data will be captured via a Risk Input Screen; to get to this do the following: