The Enterprise Process Center (EPC) provides users with Risk Management, Tracking, Scoring and Analysis capabilities, making the system a fully functional risk management tool. This tool allows users to create and assess Risks, as well as analyze the relationship that Risks have with Controls and Processes.
Gross Risk: The risk to the company in the absence of any actions (e.g. Business Rules, Controls)
Residual Risk: The risk to the company remaining after corrective actions have been implemented to reduce the impact and likelihood, and increase the detectability of a risk within the organization
Impact (Risk): Severity of the consequences varies in terms of cost and potential loss on health, human life, or other critical factors.
Likelihood (Risk): Probability of occurrence
Detectability (Risk): The probability of detecting the fallout and/or consequences associated with the Risk
In cases where controls may or may not apply to a risk on a specific process, users can select the Exclude checkbox. This will disable the control and will remove it from the aggregate residual risk score.