Risk Vs Compliance

Updated 2026-05-14 · Documentation · RiskWatch platform

What is the Risk Vs Compliance module in RiskWatch?

The Risk vs Compliance screen in RiskWatch serves as a cross-linking interface between the Risk Assessment and Compliance products. It allows organizations to integrate compliance evaluation results into their risk scoring models, thereby strengthening the accuracy and real-world reflection of risk exposure. It sits inside the RiskWatch risk workspace and shares its data with assessments, the evidence vault, and the audit-pack export so a single change updates every downstream view.

How do I use the Risk Vs Compliance screen?

Open the RiskWatch app, navigate to the Risk Vs Compliance module from the main menu, and apply the filters or actions described in the guide below. Permissions follow your role profile, so admins see configuration, assessors see workflow actions, and viewers see read-only data. Saved views and filters persist per user across sessions.

Key concepts in this module
  • Risk vs Compliance
  • Cross-linking interface
  • Risk Assessment
  • Compliance
  • Integrate compliance evaluation results
  • Risk scoring models

User Guide: Risk Vs Compliance Module

Risk vs Compliance – Detailed Explanation

The Risk vs Compliance screen in RiskWatch serves as a cross-linking interface between the Risk Assessment and Compliance products. It allows organizations to integrate compliance evaluation results into their risk scoring models, thereby strengthening the accuracy and real-world reflection of risk exposure.

This guide walks you through the functionality and capabilities of the Risk Vs Compliance mapping in detail.

Purpose of the Risk vs Compliance Screen

The primary purpose of this screen is to map risks from the Risk Assessment module (typically defined at the template level) to the content libraries in the Compliance module, such as:

  • Question Categories
  • Individual Questions

This mapping enables the system to pull real-time gap scores from compliance assessments and use them to influence or adjust the risk scores during risk assessments.

How the Integration Works

1. Risk Mapping from Template Level

  • Risks defined in the Risk Templates module (not just per facility) are available for mapping.
  • You select a specific risk and map it to:
    • A question category, or
    • An individual question from the Compliance Content Library

This establishes a logical relationship:

"This risk is influenced by compliance with this specific requirement or group of controls."

2. Library Questions Must Be Assessed

  • For the mapping to be functional:
    • The mapped question/category must be part of a compliance assessment (i.e., in use).
    • That compliance assessment must be linked to the same facility or entity that’s used in the risk assessment.

3. Gap Scores Are Pulled from Compliance

  • When a compliance assessment is completed, each question has a gap score based on:
    • How compliant the response is
    • Assigned weightage and scoring model

The system automatically retrieves these gap scores for the questions/categories linked via the Risk vs Compliance screen.

4. Risk Score Calculation Is Enhanced

  • The gap scores from compliance assessments are then factored into the final risk score calculation for the linked risk.
  • This provides a data-driven, evidence-based enhancement of the risk’s:
    • Likelihood
    • Impact
    • Control effectiveness
    • Residual risk score

5. Why This Is Useful

| Benefit | Explanation |
|---|---|
| Integrated View | Risk and compliance are not siloed—they work together to show a real-world risk picture. |
| Live Risk Scoring | Risk scores update based on actual compliance performance. |
| Improved Accountability | Helps stakeholders understand which controls (or lack thereof) are driving risk levels. |
| Audit Readiness | Easier to justify risk scores with supporting compliance evidence. |

6. Example Scenario

  • A risk titled “Unauthorized Access to Data Center” is mapped to a compliance question like:
    “Are physical access logs reviewed weekly?”
  • If that question is marked as ‘No’ or ‘Partially Compliant’ in the compliance assessment, the gap score will increase.
  • As a result, the associated risk score for “Unauthorized Access to Data Center” in the Risk Assessment module will increase automatically, highlighting elevated risk due to weak control compliance.

1. How to navigate to the Risk Vs Compliance screen?

  • Log in to Risk Assessment as an administrator.
  • Click the Risk registers menu.
  • Select the Risk Vs Compliance menu.
  • The Risk Vs Compliance screen opens.

2. What is on the Risk Vs Compliance screen?

  • Initially, the Risk Vs Compliance screen shows no records, only the select template drop-down.
  • This drop-down lists all available templates of all 3 types (LI, CIA and ATV) on this platform; risks from any type of template can be mapped to compliance questions.
  • Select a template from the drop-down to display a grid of its risks.
  • The grid contains risk name, source of risk and action columns.
  • You can search the risks using the search feature and filter the records using the column filters on each column of the grid.
  • You can export the risk details to an Excel sheet using the Excel export button.
  • You can open the actual mapping screen by clicking the + icon in the action column of the grid.

3. How to map the risks to questions?

  • Risks can be mapped to questions in 2 ways:
    • Copy the mappings from existing risks.
    • Create a new mapping between your risk and questions.

    1. Click the + icon in the action column. It opens a pop-up called Map risk to multiple questions.
    2. The pop-up asks “Do you want to copy data from existing risks?” with Yes and No buttons.
    3. If you click Yes, it shows the select Risk drop-down.
    4. This drop-down contains all risks, from all available templates, that already have mappings to compliance questions.
    5. The drop-down shows the risk name and the template name, and it allows multiple selection.
    6. You can choose any number of risks to copy data from into your required risk; you can even select all risks.
    7. Click the save button. A success message is displayed and the pop-up closes.
    8. Some questions are now mapped to your risk, copied from the other risk mappings.
    9. When you click the + icon again for the same risk, it now shows the list of mapped questions that you copied from the other risk mappings.
    10. This pop-up shows the complete information for the questions you mapped to your risk.
    11. It provides the content library names, question categories and questions drop-downs, and a table showing the question number, question text, question title and a delete option.
    12. Here you can modify your mapping as required using the libraries, question categories and questions drop-downs.
    13. You can add or remove content by selecting or deselecting records in these drop-downs; the table is updated to match your selection.
    14. You can remove a particular question mapping from this risk by clicking the Delete icon in the table.
    15. Click save to save your changes for this risk.
    16. Ensure that the modifications you made for this risk are not applied to the previous risks from which you copied these question mappings.
    17. If you instead click No for “Do you want to copy data from existing risks?” in the first pop-up, you can select the libraries you want to map, the categories of those libraries, and the questions belonging to those categories, to create a new mapping for your risk.
    18. Select the libraries from the library drop-down; all question categories under those libraries are then displayed in the categories drop-down.
    19. Select the categories you want; all questions under those categories are then displayed in the Questions drop-down.
    20. Click save. The pop-up closes and a success message is displayed. When you click the + icon for the same risk again, it displays the questions mapped to this risk in the grid.

You can adjust which columns of the risk grid are shown by using the columns button at the top right.

Based on these mappings, if the risk assessment is mapped to a compliance assessment, and that assessment contains these mapped questions and they are answered, the gap score is added to obtain the risk score of this individual risk for the facility.

Not all mapped questions need to be present in a single compliance assessment.

The gap score for the risk is calculated from whichever of the mapped questions are answered in the compliance assessment.

Note: Only admins have access to this screen.

Common questions about Risk Vs Compliance

What does the Risk Vs Compliance module integrate with?

The Risk Vs Compliance screen shares records with the rest of the RiskWatch risk suite: Risk vs Compliance, cross-linking interface, Risk Assessment, Compliance, plus the cross-mapping engine that connects risk controls to other frameworks like ISO 27001, SOC 2, HIPAA, NIST 800-53, and PCI DSS. There is nothing to wire up, the integrations are native.

Where does the Risk Vs Compliance fit in the RiskWatch risk workflow?

It is one of 27 screens that make up the Risk module. Most teams reach it from the risk dashboard while running an assessment or reviewing posture. See the related-topics sidebar for the workflows it feeds into and the upstream screens that feed it.
