
SoD — Risks

The Risks screen catalogs the named risks declared within each process. One line per (Application, Process, Risk). Each row carries a friendly name and a severity level — the multiplier the Matrix uses to weight the conflicts in the dashboards.

Risks are the "what could go wrong": "Approve a payment to a vendor you created yourself", "Adjust the receivable on a customer you maintain". Activities are the verbs; risks are the sentences.


At a glance

Nomasx-1 · Settings · SoD · Risks

| APP | PROCESS | RISK ID | RISK NAME | LEVEL |
|-----|---------|---------|-----------|-------|
| 12 | P2P | R-P2P-01 | Create vendor & approve payment | High |
| 12 | P2P | R-P2P-02 | Modify PO & approve receipt | Medium |

Goal of the view

  • Name the risks the audit framework expects.
  • Weight the impact. Risk level (High, Medium, Low, or a numeric scale) is the multiplier the dashboards apply to the conflict count.
  • One row per risk policy. Avoid combining several risks into one row — the Matrix reasons about one risk at a time.

Columns

| Column | Source | What it tells you |
|--------|--------|-------------------|
| Application ID | RISK_APPS_ID — application. | Application the risk applies to. |
| Process ID | RISK_PROCESS_ID — links to Process. | The business process the risk belongs to. |
| Risk ID | RISK_ID — identifier. | Reference used by Matrix and the Conflicts views. |
| Risk Name | RISK_NAME — descriptive label. | Human-readable name of the risk. |
| Risk Level | RISK_LEVEL — severity. | High / Medium / Low (or numeric scale) — drives weighting. |

Edit dialog

Click Add or double-click a row to open the form.

Edit SoD risk

Application: 12 — JDE Prod ▾
Process: P2P ▾
Risk ID: R-P2P-01
Name: Create vendor & approve payment
Level: High ▾
[Cancel] [Save]

| Field | What to enter |
|-------|---------------|
| Application | Drop-down of declared applications. |
| Process | Drop-down filtered to the chosen application's processes. |
| Risk ID | Short identifier (e.g. R-P2P-01). Referenced by the Matrix. |
| Name | Sentence-form description of the risk — auditors read this. |
| Level | High / Medium / Low (or numeric scale). Drives the conflict weighting. |

Tips & best practices

  • Write the risk in sentence form. "Create vendor + Approve payment" is clearer than "VEN-PAY". Auditors read the sentence; the code is for filtering.
  • Pick a consistent severity scale. Use High / Medium / Low everywhere, or a numeric scale everywhere. Mixed scales make the dashboards hard to interpret.
  • High-severity risks should be few. Marking everything High empties the signal — the matrix loses its prioritisation value.
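
The rules above can be checked mechanically before an audit. The following is an added example, not part of the product or its documentation: a small Python linter over risk rows keyed by the column names from the Columns table. The row format (a list of dicts), the rule names and the 25% ceiling on High risks are assumptions made for this sketch.

```python
from collections import Counter

COLS = ("RISK_APPS_ID", "RISK_PROCESS_ID", "RISK_ID", "RISK_NAME", "RISK_LEVEL")
LABELS = {"high", "medium", "low"}
MAX_HIGH_SHARE = 0.25  # assumption: the page only says High risks "should be few"

def scale_of(level):
    """Classify a RISK_LEVEL value as 'label', 'numeric' or 'unknown'."""
    text = str(level).strip()
    if text.lower() in LABELS:
        return "label"
    try:
        float(text)
        return "numeric"
    except ValueError:
        return "unknown"

def lint_risks(rows):
    """Return (rule, detail) findings for a list of risk rows (dicts keyed by COLS)."""
    findings = []
    # One row per (Application, Process, Risk): report keys that repeat.
    keys = Counter(tuple(r[c] for c in COLS[:3]) for r in rows)
    findings += [("duplicate-key", k) for k, n in sorted(keys.items()) if n > 1]
    # One severity scale everywhere: labels and numbers must not be mixed.
    scales = {scale_of(r["RISK_LEVEL"]) for r in rows}
    if len(scales) > 1 or "unknown" in scales:
        findings.append(("inconsistent-scale", sorted(scales)))
    # High should be rare, otherwise the weighting stops prioritising.
    highs = sum(str(r["RISK_LEVEL"]).strip().lower() == "high" for r in rows)
    if rows and highs / len(rows) > MAX_HIGH_SHARE:
        findings.append(("too-many-high", f"{highs}/{len(rows)}"))
    # Names should read as a sentence, not a code such as VEN-PAY.
    findings += [("name-not-sentence", r["RISK_ID"])
                 for r in rows if " " not in r["RISK_NAME"].strip()]
    return findings

# Constructed sample: the first two rows mirror the page's screenshot; the last
# two are made up to trigger findings (process O2C and R-O2C-01 are hypothetical).
SAMPLE = [dict(zip(COLS, row)) for row in [
    ("12", "P2P", "R-P2P-01", "Create vendor & approve payment", "High"),
    ("12", "P2P", "R-P2P-02", "Modify PO & approve receipt", "Medium"),
    ("12", "P2P", "R-P2P-02", "Modify PO & approve receipt", "Medium"),
    ("12", "O2C", "R-O2C-01", "VEN-PAY", "3"),
]]

if __name__ == "__main__":
    for rule, detail in lint_risks(SAMPLE):
        print(rule, detail)
```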