Activity
A.7 Evaluation of risks
Risk Assessment
Description
Description
During the risk evaluation phase decisions have to be made concerning which risks need treatment and which do not, as well as concerning on the treatment priorities. Analysts need to compare the level of risk determined during the analysis process with risk criteria established in the Risk Management context (i.e. in the risk criteria identification stage). It is important to note that in some cases the risk evaluation may lead to a decision to undertake further analysis.
Organisation
Responsible
Risk Manager
Accountable
Senior Management
Consulted
Domain Expert
Risk Owner
Internal Audit
Informed
Senior Management
Input/Output
Input data
D69 Controls relative to assets
D70 Impacts relative to assets
D62 Assessment activities criteria
D68 Threats relative to assets
D72 Risks relative to asset groups
D67 Classified assets
D63 Asset class. scheme
D71 Risks relative to assets
Output data
D28 Risk treatment decision