cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
MohsinRaza
Calcite | Level 5 MohsinRaza
Calcite | Level 5
Go to Solution

Risk Assessment workflow in Governance and Compliance Manager

Posted 07-24-2025 04:15 AM (629 views)

Hi,

I am a new user on Governacne & Compliance Manager. We are considering following two approaches to standardize our regular risk assessments.

 

1. Collect asset information against each risk assessment activity and add risks, threats and vulnerabilities against each risk assessment every time and evaluate control effectiveness. In this approach risks, assets, and vulnerabilities might have duplications, but we can start with tiny steps.

 

2. Collect complete asset inventory, potential risks, threats and vulnerabilities and upload into the system. For each risk assessment we can select associated assets, risks, threats and vulnerabilities from already uploaded data and evaluate control effectiveness against each risk assessment exercise.

 

Can someone please guide what is the right approach to move forward with a consistent and sustainable approach.

Thanks, 

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
KPotter
SAS Employee KPotter
SAS Employee

Re: Risk Assessment workflow in Governance and Compliance Manager

Posted 07-29-2025 08:00 AM (516 views)  |   In reply to MohsinRaza

the second approach is the likely more effective approach. Building your inventory of assets, risks, controls, threats etc, allows you to reuse those for assessments and builds up a history of where those are used for further analysis later on.  

 

Hope that helps!

 

 

View solution in original post

Reply
2 REPLIES 2
KPotter
SAS Employee KPotter
SAS Employee

Re: Risk Assessment workflow in Governance and Compliance Manager

Posted 07-29-2025 08:00 AM (517 views)  |   In reply to MohsinRaza

the second approach is the likely more effective approach. Building your inventory of assets, risks, controls, threats etc, allows you to reuse those for assessments and builds up a history of where those are used for further analysis later on.  

 

Hope that helps!

 

 

Reply

hackathon24-white-horiz.png

The 2025 SAS Hackathon has begun!

It's finally time to hack! Remember to visit the SAS Hacker's Hub regularly for news and updates.

Latest Updates

Discussion stats
  • 2 replies
  • ‎07-24-2025 04:15 AM
  • 630 views
  • 1 like
  • 2 in conversation