
Risikomanagement Dashboard/en: Difference between revisions

From HITGuard User Guide
Isan (talk | contribs)
No edit summary
Isan (talk | contribs)
No edit summary
 
(39 intermediate revisions by 2 users not shown)
Line 1: Line 1:
The risk management dashboard provides experts and professionals information about upcoming audits, hazard situations, compliance coverage, and more of the management system. For this purpose, key performance indicators (KPIs) are available to the dashboard. These can be used to customize the dashboard as desired.
The risk management dashboard provides Experts, Professionals, and Observers information about risks, compliance coverage, and more of the management system. For this purpose, key performance indicators (KPIs) are available to the dashboard. These can be used to customize the dashboard as desired.


<b>Caution:</b>
<b>Caution:</b> Only risks that have been evaluated for the damage extent classification of the selected management system are displayed.
* Only hazard situations that have been evaluated for the damage extent classification of the selected management system are displayed.


[[Datei:Risikomanagement Dashboard Übersicht.png|left|thumb|904px|Risk management Dashboard]]
[[Datei:Risikomanagement Dashboard Übersicht.png|left|thumb|904px|Risk management dashboard]]
<br clear=all>
<br clear=all>


 
<span id="Risikomanagement_KPIs"></span>
== Risk management KPIs ==
== Risk management KPIs ==


The following KPIs are available for the Risk management dashboard. How to customize and create dashboards is described under <b>[[Special:MyLanguage/Dashboards|create and edit Dashboards]]</b>.
The following KPIs are available for the risk management. How to customize and create dashboards is described under [[Special:MyLanguage/Dashboards|create and edit dashboards]].


__TOC__
__TOC__


=== Pending Audits ===
<span id="Abweichungsanalysen_nach_Status"></span>
=== Gap analyses by state ===


In the upcoming audits, all current audits of the management system are listed or those audits that are planned in the next 90 days.  
This KPI provides information about the status of the gap analyses in the selected analysis periods. It is possible to restrict whether all analyses, only review results or only gap analyses are to be displayed.


The display can be restricted to selected organizational units.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


Double-clicking on an audit will take you to the corresponding <b>[[Special:MyLanguage/Auditplanung#Audits|Audit]]</b>.
Double-clicking on a circle segment opens a selection dialog in which the respective analyses are listed. The analyses can also be opened by double-clicking.


[[Datei:KPI Anstehende Audits.png|left]]
[[Datei:KPI Schwachstellenanalysen nach Status.png|602px|left]]
<br clear=all>
<br clear=all>


[[Datei:Risikomanagement Dashboard Audit Icons.png|left|thumb|300px|Audit status symbols]]
<span id="Spinnendiagramme"></span>
<br clear=all>
=== Spider charts  ===


=== Audits by Status ===
If a sub-chapter of a spider diagram is to be analyzed, this can be done by clicking on the point of the respective parent chapter in the spider. This selects the chapter and displays all sub-chapters with their respective coverage: the spider "zooms" a layer deeper. To undo the selection, the back arrow can be clicked: "the spider "zooms" back out.  
 
This KPI provides information about the status of audits. Only audits of the selected audit program are taken into account. Furthermore, the KPI can be limited to internal, external or all audits of the audit program.
 
The selection of the audit program and the restriction of the audits is done either fixed in the editing mode, or the data selection is enabled in the view mode.
 
The status delayed means that the audit is still in the status planned, although the start date is already in the past.
 
Double-clicking on a circle segment opens a selection dialog in which the respective audits are listed. The audits can be opened by double-clicking on them.
 
[[Datei:KPI Audits nach Status.png|left|703px]]
<br clear=all>
 
=== Spider charts  ===


If a sub-chapter of a spider diagram is to be analyzed, this can be done by clicking on the point of the respective parent chapter in the spider. This selects the chapter and displays all sub-chapters with their respective coverage. To undo the selection, the back arrow can be clicked.  
With a right click, a selection dialog can be opened in Compliance fulfillment and Questions coverage (total), which shows the review questions/results. It also shows chapters, reviews, and the answers. Double-clicking a review question/result opens the review at the corresponding location.


In addition, at the lowest level for compliance fulfillment and questions coverage (Total), a selection dialog opens if an attempt is made to go even deeper. In this selection, the check questions / check results are listed. Double-clicking on a check question / check result opens the check with the corresponding check question.
Ho much text is displayed around a spider chart depends on the number of displayed chapters, the available space, and whether the KPI is being edited. Using a checkbox, an overview of the currently displayed chapters can be added to the KPI.


==== Compliance Fulfillment ====
<span id="Compliance_Erfüllung"></span>
==== Compliance fulfillment ====


This KPI provides information on the extent to which the compliance requirements for a standard/norm are met. The green line represents the target score of the current analysis period.
This KPI provides information on the extent to which the compliance requirements for a standard/norm are met. The green line represents the target score of the current analysis period.
This can be used to find out which topics/chapters of a standard or norm should be dealt with in more detail.
This can be used to find out which topics/chapters of a standard or norm should be dealt with in more detail.


The answered questions of a standard chapter are used as the basis for calculation. Neither structural questions nor questions marked as dispensable are taken into account for the calculation. The average score of the answered questions of a standards chapter is displayed.
The answered questions of a standard chapter are used as the basis for calculation. Neither structural questions nor questions marked as dispensable are taken into account for the calculation. The average score of the answered questions of a standards chapter is displayed.  


The selection of the standard / standard is either fixed in the editing mode, or the selection is enabled in the view mode.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


[[Datei:KPI Compliance Erfüllung.png|left]]
[[Datei:KPI Compliance Erfüllung.png|left]]
<br clear=all>
<br clear=all>


==== Questions coverage (Percentage) ====
<span id="Fragen_Deckung_(Prozentuell)"></span>
==== Questions coverage (percentage) ====


The questions coverage (percentage) shows the ratio of the total number of test questions of a selected knowledge base linked to a standards chapter.  
The questions coverage (percentage) shows the ratio of the total number of test questions of a selected knowledge base linked to a standards chapter. Meaning, how many questions out of the total available have been answered. Each chapter can reach a maximum of 100%, even if a question is answered more than once. Structure questions are also excluded from the calculation. Thus, the test question coverage of a standard/norm per knowledge base is evaluated here.
Each chapter can reach a maximum of 100%, even if a question is answered more than once. Structure questions are also excluded from the calculation. Thus, the test question coverage of a standard / norm per knowledge base is evaluated here.


The selection of the standard / norm and knowledge base is either fixed in editing mode, or the selection is enabled in view mode.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


[[Datei:KPI Fragen Deckung Proz.png|left]]
[[Datei:KPI Fragen Deckung Proz.png|left]]
<br clear=all>
<br clear=all>


==== Questions coverage (Total) ====
<span id="Fragen_Deckung_(Total)"></span>
==== Questions coverage (total) ====


The question coverage (total) is intended to show how many questions AND test results for the standard chapter were answered or marked as dispensable. I.e. the coverage of the test questions from all test questions of all knowledge databases, which map to this standard, is shown in total.
The question coverage (total) is intended to show how many questions AND test results for the standard chapter were answered or marked as dispensable. I.e. the coverage of the test questions from all test questions of all knowledge databases, which map to this standard, is shown in total.
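
Review bot: The rewritten Spider charts paragraph ends with an unbalanced quotation mark (clicked: "the spider "zooms" back out.); drop the quote before "the spider" so it matches the earlier sentence in the same paragraph. The new paragraph after it opens with "Ho much text is displayed", which should read "How much text is displayed". In the new Questions coverage (percentage) text, "Meaning, how many questions out of the total available have been answered." is a sentence fragment and reads better joined to the sentence before it.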
Line 76: Line 65:
This provides information as to whether certain topics have been highlighted to a greater or lesser extent in the audits and whether it may make sense to focus on certain topics in future audits.
This provides information as to whether certain topics have been highlighted to a greater or lesser extent in the audits and whether it may make sense to focus on certain topics in future audits.


The selection of the standard / norm and knowledge base is either fixed in editing mode, or the selection is enabled in view mode.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


[[Datei:KPI Fragen Deckung Total.png|left]]
[[Datei:KPI Fragen Deckung Total.png|left]]
<br clear=all>
<br clear=all>


===Hazard situations by state===  
<span id="Risikomatrix"></span>
=== Risk matrix ===
 
This KPI provides an overview of how dangerous the individual risks of the management system can be. The further to the top right a risk is located, the more dangerous it is. If the mouse pointer is moved over one of the points in the diagram, it becomes apparent which risk is concerned. By default, no accepted or rejected risks are displayed.


This KPI shows an overview of the hazard situations by their state and the completeness of the risk assessment.  
*<u>Risks:</u> This option shows risks.


The outer layer displays all hazard situations by their state. The inner layer displays not or not completely evaluated hazard situations (missing the probability of occurrence of extent of damage) in relation to the total of existing hazard situations. The total amount of hazard situations that exist as per the set filter is displayed in the middle of the diagram.  
*<u>Opportunities:</u> This option shows opportunities.


It's possible to limit the displayed hazard situations to those of the current management system.  
*<u>With accepted risks:</u> Through this option, risks that have already been accepted and are therefore in the "Accepted" status can also be displayed.


The restriction of hazard situations can be either fixed in editing mode, or the selection is enabled in view mode.
*<u>Show risks for this management system only:</u> This option ensures that only the risks from the current management system are displayed. Public risks (as in, not marked as "private") from other management systems are no longer displayed as a result.


Double-clicking a circle segment opens a dialog in which the respective hazard situations are listed. The hazard situations can also be opened by double-clicking.
*<u>Risk categories:</u> Here, the risk matrix can be restricted so that only risks that are associated with the selected risk categories are displayed. A risk category can be associated with the risk directly in its detail page.


[[Datei:KPI Gefährdungslagen nach Status.png|left]]
*<u>OrgUnit:</u> Here, the risk matrix can be restricted so that only risks that are associated with the selected organizational units are displayed. An organizational unit can be associated with the risk via the "structural elements" of the risk.
 
The time span under the risk matrix can be used to track how risks have developed over a period of time. All you have to do is click on one of the points in the time span. The time span can be adjusted using the arrows on the left and right.
 
[[Datei:Risikomanagement Dashboard Risikomatrix zeitlich.PNG|900px|left]]
<br clear=all>
<br clear=all>


===Hazard situations and assigned measures===  
<span id="Risiken/Chancen_nach_Status"></span>
===Risks/opportunities by state===  
 
This KPI shows an overview of the risks and opportunities by their state and the completeness of the risk/opportunity assessment.


This KPI shows a risk treatment overview regarding linked measures.  
The outer layer displays all risks and opportunities by their state. The inner layer displays not or not completely evaluated risks  and opportunities (missing the probability of occurrence of extent of damage) in relation to the total of existing risks/opportunities. The total amount of risks and opportunities that exist as per the set filter is displayed in the middle of the diagram.  


It contains information about whether treatment measures are overdue or there are hazard situations that have not been linked with a corrective measure yet. Submitted and rejected hazard situations are disregarded. It's possible to limit the displayed hazard situations to those of the current management system.  
It's possible to limit the displayed risks/opportunities to those of the current management system.  


The restriction of hazard situations can be either fixed in editing mode, or the selection is enabled in view mode.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


Double-clicking a circle segment opens a dialog in which the respective hazard situations are listed. The hazard situations can also be opened by double-clicking.
Double-clicking a circle segment opens a dialog in which the respective risks are listed. The risks can also be opened by double-clicking.


[[Datei:KPI Gefährdungslagen und zugeordnete Maßnahmen.png|left]]
[[Datei:KPI Gefährdungslagen nach Status.png|left]]
<br clear=all>
<br clear=all>


=== Risk matrix ===
<span id="Risiken/Chancen_nach_Kategorie"></span>
===Risks/opportunities by category===


This KPI provides an overview of how dangerous the individual hazard situations of the management system can be. The further to the top right a hazard situation is located, the more dangerous it is. If the mouse pointer is moved over one of the points in the diagram, it becomes apparent, which hazard situation is concerned. By default, no accepted or rejected hazard situations are displayed.
This KPI gives information about the categories that risks and opportunities are assigned to.


*With accepted risks:
It is possible to restrict the considered risks/opportunities to only active risks/opportunities and/or only those of the current management system.  
:: Through this option, hazard situations that have already been accepted and are therefore in the "Accepted" status can also be displayed.


*Show risks for this management system only:
As risks and opportunities can be assigned to multiple categories, they can also appear multiple times in this KPI (or not at all, if they haven't been categorized). The number of risks/opportunities therefore does not have to correspond to the number of risks/opportunities in the risk matrix. A double-click on a bar segment opens a dialog with a list of the respective risks and opportunities. The risks/opportunities can also be opened with a double-click.
:: This option ensures that only the hazard situations from the current management system are displayed. Public hazard situations (as in, not marked as "private") from other management systems are no longer displayed as a result.


*OrgUnit:
[[Datei:DB_RM_RisikenKategorie_mitCheckboxen.png|left]]
::Here the risk matrix can be restricted so that only hazard situations that are associated with the selected organizational units are displayed. An organizational unit can be associated with the hazard situation via the "structural elements" of the hazard situation.
<br clear=all>


The time span under the risk matrix can be used to track how hazard situations have developed over a period of time. All you have to do is click on one of the points in the time span. The time span can be adjusted using the arrows on the left and right.
===Risks by threats===
This KPI gives information about the threats that are assigned to risks.<p>It is possible to restrict the considered risks and opportunities to only active risks or opportunities and/or only those of the current management system. Furthermore, it is also possible to show all available threats, thus creating a complete list including also those threats that are not assigned to any risk or opportunity.<p>As risks can be assigned to multiple threats, they can also appear multiple times in this KPI (or not at all, if they haven't been assigned). The number of risks therefore does not have to correspond to the number of risks in the risk matrix. A double-click on a bar segment opens a dialog with a list of the respective risks. The risks can also be opened with a double-click.<p>The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.
[[Datei:KPI_RisikenNachBedrohungen.png|left]]
<br clear=all>


[[Datei:Risikomanagement Dashboard Risikomatrix zeitlich.PNG|905px|left]]
<span id="Aktive_Risiken/Chancen_und_ihre_Behandlung"></span>
<br clear=all>
===Active risks/opportunities and their treatment===


=== Protection needs analysis by status ===
This KPI shows a risk treatment overview regarding open and finished measures as well as controls linked to active risks and opportunities.


This KPI provides information on the status of the protection requirement analyses in the selected analysis periods. It is possible to restrict whether all analyses, only analyses of organizational units or only analyses of processes are to be displayed.
It contains information about whether treatment measures/controls are overdue or there are active risks that have not been linked with a corrective measure yet. Planned, suspended, and canceled measures are disregarded in this KPI. Submitted, accepted, and rejected risks are also disregarded.<p>The KPI is divided into an outer and an inner ring. Here, the outer ring shows how many risks have a treatment, complications in their treatment, or no treatment at all. The risks with treatment are further apportioned in the inner circle, and divided into those with completed treatments or treatments in processing. If there are no risks with treatment, the inner circle is not displayed.


* Include historical analyses
It's possible to limit the displayed risks and opportunities to those of the current management system.  
:: By default, the most recent versions of multiple protection needs analyses for organizational units and processes are displayed. However, this checkbox can also be used to display older protection needs analyses for the organizational units and processes.


The selection of the constraint and analysis periods can be either fixed in editing mode, or the selection is enabled in view mode.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


Double-clicking on a circle segment opens a selection dialog in which the respective protection needs analyses are listed. The protection needs analyses can also be opened by double-clicking.
Double-clicking a circle segment opens a dialog in which the respective risks are listed. The risks can also be opened by double-clicking.


[[Datei:KPI Schutzbedarfsanalysen nach Status.png|452px|left]]
[[Datei:KPI Aktive Gefährdungslagen und offene und erledigte Maßnahmen.png|left]]
<br clear=all>
<br clear=all>


=== Vulnerability analysis by status ===
<span id="Schutzbedarfsanalysen_nach_Status"></span>
=== Protection needs analyses by state ===


This KPI provides information about the status of the vulnerability analyses in the selected analysis periods. It is possible to restrict whether all analyses, only review results or only gap analyses are to be displayed.
This KPI provides information on the status of the protection needs analyses in the selected analysis periods. It is possible to restrict whether all analyses, only analyses of organizational units or only analyses of processes are to be displayed.


The selection of the constraint and analysis periods can be either fixed in editing mode, or the selection is enabled in view mode.
*<u>Include historical analyses:</u> By default, the most recent versions of multiple protection needs analyses for organizational units and processes are displayed. However, this checkbox can also be used to display older protection needs analyses for the organizational units and processes.


Double-clicking on a circle segment opens a selection dialog in which the respective vulnerability analyses are listed. The vulnerability analyses can also be opened by double-clicking.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


[[Datei:KPI Schwachstellenanalysen nach Status.png|841px|left]]
Double-clicking on a circle segment opens a selection dialog in which the respective protection needs analyses are listed. The protection needs analyses can also be opened by double-clicking.
 
[[Datei:KPI Schutzbedarfsanalysen nach Status.png|700px|left]]
<br clear=all>
<br clear=all>


=== Top Gaps ===
<span id="Top_Abweichungen"></span>
=== Top gaps ===


This KPI provides the audits with the highest sum of deviations according to the <b>[[Special:MyLanguage/Target_Score_Gewichtung|Target score weighting]]</b> of the selected protection target and audits.  
This KPI provides the audits with the highest sum of deviations according to the [[Special:MyLanguage/Target_Score_Gewichtung|Target score weighting]] of the selected protection target and audits.  


The sum of deviations by target score weighting in the reviews assigned to the audits always refers to the current target score. This means that even if the deviations are limited to a specific analysis period, they are examined with the target score of the current analysis period.  
The sum of deviations by target score weighting in the reviews assigned to the audits always refers to the current target score. This means that even if the deviations are limited to a specific analysis period, they are examined with the target score of the current analysis period.  


It is also possible to configure which reviews are displayed:
It is also possible to configure which reviews are displayed:
* Underfulfillments
* Underfulfillments: Only reviews that have a sum greater than 0. The larger the sum, the worse.
:: Only reviews that have a sum greater than 0. The larger the sum, the worse.
* Overfulfillments: Only reviews that have a negative sum. The smaller the sum, the better.
* Overfulfillments
* All: All reviews, regardless of whether the sum of the deviations is positive or negative.
:: Only reviews that have a negative sum. The smaller the sum, the better.
* All:
:: All reviews, regardless of whether the sum of the deviations is positive or negative.


The sorting influences whether you are presented with the worst results (highest positive sum of deviations) or the best deviations (lowest positive sum of deviations, but no overfulfillments).
The sorting influences whether you are presented with the worst results (highest positive sum of deviations) or the best deviations (lowest positive sum of deviations, but no overfulfillments).


* Clossed assessments only:
* <u>Closed assessments only:</u> By this option only completed reviews are taken into account.
:: By this option only completed reviews are taken into account.


* Include historical gaps:
* <u>Include historical gaps:</u> By default, the most recent versions of repeatedly run reviews are included. However, by using this checkbox, older versions of reviews can also be taken into account.
:: By default, the most recent versions of repeatedly run reviews are included. However, by using this checkbox, older versions of reviews can also be taken into account.


If no analysis period is selected, all deviations from all analysis periods are displayed. It is also possible to restrict from which organizational units the checks must originate from.
If no analysis period is selected, all deviations from all analysis periods are displayed. It is also possible to restrict from which organizational units the checks must originate from.


The selection of the protection target, audits and analysis periods can be either fixed in the editing mode, or the selection is enabled in the view mode.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


Double-clicking on a deviation opens the corresponding analysis with the deviation.
Double-clicking on a gap opens the corresponding analysis with the gap.


[[Datei:KPI Top Abweichungen.png|827px|left]]
[[Datei:KPI Top Abweichungen.png|830px|left]]
<br clear=all>
<br clear=all>


=== Top Audits ===
<span id="Top_Risiken/Chancen"></span>
=== Top risks/opportunities ===
 
This KPI is a listing of the top risks and opportunities of the management system. The displayed risks and opportunities are thus ranked according to their risk score. The higher up, the greater the risk. The further down, the greater the opportunity.
 
Alternatively, it is also possible to switch to entities. This will display those entities that are most at risk.
 
The triangles provide information about how dangerous a risk is and how at risk an entity is. The dice provide information about how good an opportunity is. If you move the mouse pointer over them, the respective risk score is displayed.
 
Double-clicking on a risk/entity will take you to the corresponding [[Special:MyLangauge/Risikobewertung|risk/opportunity]]/entity.
 
[[Datei:KPI Top Gefährdungslagen.png|left|600px]]
<br clear=all>
 
<span id="Top_Prüfobjekte"></span>
=== Top review objects ===


This KPI provides the worst or best audits for the selected protection target.  
This KPI provides the review objects with the highest sum of gaps according to the [[Special:MyLanguage/Target_Score_Gewichtung|Target score weighting]] of the selected protection target and audits.  


The sum of deviations according to <b>[[Special:MyLanguage/Target_Score_Gewichtung|Target score weighting]]</b> in the reviews assigned to the audit always refers to the current target score. This means that even if the deviations are limited to a specific analysis period, they are examined with the target score of the current analysis period.  
The sum of deviations according to target score weighting of the review objects assigned to the audits always refers to the current target score. This means that even if the deviations are limited to a specific analysis period, they are examined with the target score of the current analysis period.


It is also possible to configure which audits are displayed:
It is also possible to configure which review objects are displayed:
* Underfulfillments
* Underfulfillments: Only review objects that have a sum greater than 0. The larger the sum, the worse.
:: Only audits that have a sum greater than 0. The larger the sum, the worse.
* Overfulfillments: Only review objects that have a negative sum. The smaller the sum, the better.
* Overfulfillments
* All: All review objects, regardless of whether the sum of the gaps is positive or negative.
:: Only audits that have a negative sum. The smaller the sum, the better.
* All:
:: All audits, regardless of whether the sum of the deviations is positive or negative.


The sorting influences whether you are presented with the audits with the worst results (highest positive sum of deviations) or the best audits with the lowest negative deviations (lowest sum of deviations, but without overfulfillment).
The sorting influences whether you are presented with the worst results (highest positive sum of deviations) or the best deviations (lowest positive sum of deviations, but no overfulfillments).


* Closed assessments only:
* <u>Closed assessments only:</u> With this option, only review objects from completed reviews are taken into account.
:: By this option only completed reviews of the audits are taken into account.


If no analysis period is selected, all audits from all analysis periods are displayed. The organizational units from which the audits come can be restricted as well.
* <u>Include historical review objects:</u> By default, the most recent versions of multiple-valued review objects are included. However, this checkbox can also be used to include older versions of the review objects.


The selection of the protection target and the analysis periods can be either fixed in the editing mode, or the selection is enabled in the view mode.
If no analysis period is selected, all review objects from all analysis periods are displayed. It is also possible to restrict the organizational units from which the reviews of the review objects are taken.  


Double-clicking on an audit will take you to the corresponding <b>[[Special:MyLanguage/Auditplanung#Audits|Audit]]</b>.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


[[Datei:KPI Top Audits.png|677px|left]]
Double-click on a applied topic to open the corresponding analysis with the applied topic.
 
[[Datei:KPI Top Prüfobjekte.png|left|830px]]
<br clear=all>
<br clear=all>


=== Top hazard situations ===
<!-- === Pending Audits ===


This KPI is a listing of the top hazard situations of the management system. The displayed hazard situations are thus ranked according to their risk score. The higher up, the greater the risk.  
In the upcoming audits, all current audits of the management system are listed as well as those audits that are planned in the next 90 days. This means audits in the states Draft, In progress, and In rework.


Alternatively, it is also possible to switch to entities. This will display those entities that are most at risk.
The display can be restricted to selected organizational units.


The triangles provide information about how dangerous a hazard situation is and how at risk an entity is. If you move the mouse pointer over them, the respective risk indicator is displayed.
Double-clicking on an audit will take you to the corresponding [[Special:MyLanguage/Auditplanung#Audits|Audit]].


Double-clicking on a hazard situation/entity will take you to the corresponding <b>[[Special:MyLangauge/Risikobewertung|Hazard Situation]]</b> / entity.
[[Datei:KPI Anstehende Audits.png|left]]
<br clear=all>


[[Datei:KPI Top Gefährdungslagen.png|left]]
[[Datei:Risikomanagement Dashboard Audit Icons.png|left|thumb|300px|Audit status symbols]]
<br clear=all>
<br clear=all>


=== Top applied topics ===
<span id="Audits_nach_Status"></span>
=== Audits by Status ===


This KPI provides the applied topics with the highest sum of deviations according to the <b>[[Special:MyLanguage/Target_Score_Gewichtung|Target score weighting]]</b> of the selected protection target and audits.  
This KPI provides information about the status of audits. Only audits of the selected audit program are taken into account. Furthermore, the KPI can be limited to internal, external or all audits of the audit program.  


The sum of deviations according to target score weighting of the applied topics assigned to the audits always refers to the current target score. This means that even if the deviations are limited to a specific analysis period, they are examined with the target score of the current analysis period.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


It is also possible to configure which applied topics are displayed:
The status delayed means that the audit is still in the status planned, although the start date is already in the past.
* Underfulfillments
 
:: Only applied topics that have a sum greater than 0. The larger the sum, the worse.
Double-clicking on a circle segment opens a selection dialog in which the respective audits are listed. The audits can be opened by double-clicking on them.
* Overfulfillments
 
:: Only applied topics that have a negative sum. The smaller the sum, the better.
[[Datei:KPI Audits nach Status.png|left|703px]]
* All:
<br clear=all>
:: All applied topics, regardless of whether the sum of the deviations is positive or negative.
 
=== Top Audits ===
 
This KPI provides the worst or best audits for the selected protection target.  


The sorting influences whether you are presented with the worst results (highest positive sum of deviations) or the best deviations (lowest positive sum of deviations, but no overfulfillments).
The sum of deviations according to [[Special:MyLanguage/Target_Score_Gewichtung|Target score weighting]] in the reviews assigned to the audit always refers to the current target score. This means that even if the deviations are limited to a specific analysis period, they are examined with the target score of the current analysis period.  


* Closed assessments only:
It is also possible to configure which audits are displayed:
:: With this option, only applied topics from completed reviews are taken into account.
* Underfulfillments: Only audits that have a sum greater than 0. The larger the sum, the worse.
* Overfulfillments: Only audits that have a negative sum. The smaller the sum, the better.
* All: All audits, regardless of whether the sum of the deviations is positive or negative.


* Include historical applied topics:
The sorting influences whether you are presented with the audits with the worst results (highest positive sum of deviations) or the best audits with the lowest negative deviations (lowest sum of deviations, but without overfulfillment).
:: By default, the most recent versions of multiple-valued applied topics are included. However, this checkbox can also be used to include older versions of the applied topics.


If no analysis period is selected, all applied topics from all analysis periods are displayed. It is also possible to restrict the organizational units from which the reviews of the applied topics come from.  
* <u>Closed assessments only:</u> By this option only completed reviews of the audits are taken into account.


The selection of the protection target, audits and analysis periods can be either fixed in the editing mode, or the selection is enabled in the view mode.
If no analysis period is selected, all audits from all analysis periods are displayed. The organizational units from which the audits come can be restricted as well.


Double-click on a applied topic to open the corresponding analysis with the applied topic.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.
 
Double-clicking on an audit will take you to the corresponding [[Special:MyLanguage/Auditplanung#Audits|Audit]].


[[Datei:KPI Top Prüfobjekte.png|left]]
[[Datei:KPI Top Audits.png|677px|left]]
<br clear=all>
<br clear=all> -->
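Review bot: commented-out documentation should not be carried in the page source. The block from `<!-- === Pending Audits ===` to `<br clear=all> -->` holds three complete KPI sections (Pending Audits, Audits by Status, Top Audits) together with the `Audits_nach_Status` anchor and their image links, none of which render. If these audit KPIs no longer belong on the risk management dashboard, delete the block and rely on the page history; if they are meant to return, add a short note inside the comment saying why it is parked. Separately, the sentence "Double-click on a applied topic to open the corresponding analysis" needs "an", and it is worth checking whether it should still say "applied topic" now that the section is titled "Top review objects".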

Latest revision as of 11 March 2025, 10:38

The risk management dashboard provides Experts, Professionals, and Observers with information about risks, compliance coverage, and more for the management system. For this purpose, key performance indicators (KPIs) are available to the dashboard. These can be used to customize the dashboard as desired.

Caution: Only risks that have been evaluated for the damage extent classification of the selected management system are displayed.

Risk management dashboard


Risk management KPIs

The following KPIs are available for risk management. How to customize and create dashboards is described under create and edit dashboards.

Gap analyses by state

This KPI provides information about the status of the gap analyses in the selected analysis periods. It is possible to restrict whether all analyses, only review results or only gap analyses are to be displayed.

The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.

Double-clicking on a circle segment opens a selection dialog in which the respective analyses are listed. The analyses can also be opened by double-clicking.


Spider charts

If a sub-chapter of a spider diagram is to be analyzed, this can be done by clicking on the point of the respective parent chapter in the spider. This selects the chapter and displays all sub-chapters with their respective coverage: the spider "zooms" a layer deeper. To undo the selection, the back arrow can be clicked: the spider "zooms" back out.

With a right click, a selection dialog can be opened in Compliance fulfillment and Questions coverage (total), which shows the review questions/results. It also shows chapters, reviews, and the answers. Double-clicking a review question/result opens the review at the corresponding location.

How much text is displayed around a spider chart depends on the number of displayed chapters, the available space, and whether the KPI is being edited. Using a checkbox, an overview of the currently displayed chapters can be added to the KPI.

Compliance fulfillment

This KPI provides information on the extent to which the compliance requirements for a standard/norm are met. The green line represents the target score of the current analysis period. This can be used to find out which topics/chapters of a standard or norm should be dealt with in more detail.

The answered questions of a standard chapter are used as the basis for calculation. Neither structural questions nor questions marked as dispensable are taken into account for the calculation. The average score of the answered questions of a standards chapter is displayed.

The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


Questions coverage (percentage)

The questions coverage (percentage) shows what share of the test questions of a selected knowledge base that are linked to a standards chapter have been answered, that is, how many questions out of the total available have been answered. Each chapter can reach a maximum of 100%, even if a question is answered more than once. Structure questions are also excluded from the calculation. Thus, the test question coverage of a standard/norm per knowledge base is evaluated here.

The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


Questions coverage (total)

The questions coverage (total) is intended to show how many questions AND test results for the standard chapter were answered or marked as dispensable. That is, the coverage of the test questions from all test questions of all knowledge bases that map to this standard is shown in total. Structural questions are excluded from this calculation. If a standard chapter is created several times as a test object and the same test questions are answered several times, the number of answered questions increases accordingly.

This provides information as to whether certain topics have been highlighted to a greater or lesser extent in the audits and whether it may make sense to focus on certain topics in future audits.

The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.
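The difference between the three spider-chart KPIs above is easiest to see on one data set. The following is an added example, not HITGuard code: the data model, the 0..1 score scale, and the choices that repeated answers all enter the fulfillment average and that dispensable questions do not count as answered in the percentage are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed knowledge base: question id -> (standard chapter, is_structural)
QUESTIONS = {
    "Q1": ("A.5", False),
    "Q2": ("A.5", False),
    "Q3": ("A.5", True),   # structural question: excluded from every KPI
    "Q4": ("A.8", False),
    "Q5": ("A.8", False),
}

# Constructed answers: (review, question id, score 0..1 or None, dispensable)
ANSWERS = [
    ("R1", "Q1", 1.0, False),
    ("R2", "Q1", 0.5, False),   # same question answered again in a second review
    ("R1", "Q2", None, True),   # marked as dispensable
    ("R1", "Q3", 1.0, False),   # structural, ignored
    ("R1", "Q4", 0.0, False),
]

def _countable(answers):
    """Yield (chapter, qid, score, dispensable) for non-structural questions."""
    for _review, qid, score, dispensable in answers:
        chapter, structural = QUESTIONS[qid]
        if not structural:
            yield chapter, qid, score, dispensable

def compliance_fulfillment(answers):
    """Average score per chapter over answered, non-dispensable questions."""
    scores = defaultdict(list)
    for chapter, _qid, score, dispensable in _countable(answers):
        if not dispensable and score is not None:
            scores[chapter].append(score)
    return {ch: sum(v) / len(v) for ch, v in scores.items()}

def coverage_percentage(answers):
    """Share of distinct questions answered per chapter; sets cap it at 100%."""
    available = defaultdict(set)
    for qid, (chapter, structural) in QUESTIONS.items():
        if not structural:
            available[chapter].add(qid)
    answered = defaultdict(set)
    for chapter, qid, score, dispensable in _countable(answers):
        if not dispensable and score is not None:
            answered[chapter].add(qid)
    return {ch: 100.0 * len(answered[ch]) / len(qs)
            for ch, qs in available.items()}

def coverage_total(answers):
    """Count of answers and dispensable marks per chapter; repeats add up."""
    counts = defaultdict(int)
    for chapter, _qid, score, dispensable in _countable(answers):
        if dispensable or score is not None:
            counts[chapter] += 1
    return dict(counts)
```

Chapter A.5 shows the contrast: one of two questions is answered, so the percentage is 50, while the total counts three entries because Q1 was answered twice and Q2 was marked dispensable.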


Risk matrix

This KPI provides an overview of how dangerous the individual risks of the management system can be. The further to the top right a risk is located, the more dangerous it is. If the mouse pointer is moved over one of the points in the diagram, it becomes apparent which risk is concerned. By default, no accepted or rejected risks are displayed.

  • Risks: This option shows risks.
  • Opportunities: This option shows opportunities.
  • With accepted risks: Through this option, risks that have already been accepted and are therefore in the "Accepted" status can also be displayed.
  • Show risks for this management system only: This option ensures that only the risks from the current management system are displayed. Public risks (as in, not marked as "private") from other management systems are no longer displayed as a result.
  • Risk categories: Here, the risk matrix can be restricted so that only risks that are associated with the selected risk categories are displayed. A risk category can be associated with the risk directly in its detail page.
  • OrgUnit: Here, the risk matrix can be restricted so that only risks that are associated with the selected organizational units are displayed. An organizational unit can be associated with the risk via the "structural elements" of the risk.

The time span under the risk matrix can be used to track how risks have developed over a period of time. All you have to do is click on one of the points in the time span. The time span can be adjusted using the arrows on the left and right.


Risks/opportunities by state

This KPI shows an overview of the risks and opportunities by their state and the completeness of the risk/opportunity assessment.

The outer layer displays all risks and opportunities by their state. The inner layer displays risks and opportunities that have not been evaluated or not been completely evaluated (missing the probability of occurrence or extent of damage) in relation to the total of existing risks/opportunities. The total number of risks and opportunities that exist as per the set filter is displayed in the middle of the diagram.

It's possible to limit the displayed risks/opportunities to those of the current management system.

The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.

Double-clicking a circle segment opens a dialog in which the respective risks are listed. The risks can also be opened by double-clicking.


Risks/opportunities by category

This KPI gives information about the categories that risks and opportunities are assigned to.

It is possible to restrict the considered risks/opportunities to only active risks/opportunities and/or only those of the current management system.

As risks and opportunities can be assigned to multiple categories, they can also appear multiple times in this KPI (or not at all, if they haven't been categorized). The number of risks/opportunities therefore does not have to correspond to the number of risks/opportunities in the risk matrix. A double-click on a bar segment opens a dialog with a list of the respective risks and opportunities. The risks/opportunities can also be opened with a double-click.


Risks by threats

This KPI gives information about the threats that are assigned to risks.

It is possible to restrict the considered risks and opportunities to only active risks or opportunities and/or only those of the current management system. Furthermore, it is also possible to show all available threats, thus creating a complete list including also those threats that are not assigned to any risk or opportunity.

As risks can be assigned to multiple threats, they can also appear multiple times in this KPI (or not at all, if they haven't been assigned). The number of risks therefore does not have to correspond to the number of risks in the risk matrix. A double-click on a bar segment opens a dialog with a list of the respective risks. The risks can also be opened with a double-click.

The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.


Active risks/opportunities and their treatment

This KPI shows a risk treatment overview regarding open and finished measures as well as controls linked to active risks and opportunities.

It contains information about whether treatment measures/controls are overdue or there are active risks that have not been linked with a corrective measure yet. Planned, suspended, and canceled measures are disregarded in this KPI. Submitted, accepted, and rejected risks are also disregarded.

The KPI is divided into an outer and an inner ring. Here, the outer ring shows how many risks have a treatment, complications in their treatment, or no treatment at all. The risks with treatment are further apportioned in the inner circle, and divided into those with completed treatments or treatments in processing. If there are no risks with treatment, the inner circle is not displayed. It's possible to limit the displayed risks and opportunities to those of the current management system. The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode. Double-clicking a circle segment opens a dialog in which the respective risks are listed. The risks can also be opened by double-clicking.


Protection needs analyses by state

This KPI provides information on the status of the protection needs analyses in the selected analysis periods. It is possible to restrict whether all analyses, only analyses of organizational units or only analyses of processes are to be displayed.

  • Include historical analyses: By default, the most recent versions of multiple protection needs analyses for organizational units and processes are displayed. However, this checkbox can also be used to display older protection needs analyses for the organizational units and processes.

The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.

Double-clicking on a circle segment opens a selection dialog in which the respective protection needs analyses are listed. The protection needs analyses can also be opened by double-clicking.


Top gaps

This KPI provides the audits with the highest sum of deviations according to the Target score weighting of the selected protection target and audits.

The sum of deviations by target score weighting in the reviews assigned to the audits always refers to the current target score. This means that even if the deviations are limited to a specific analysis period, they are examined with the target score of the current analysis period.

It is also possible to configure which reviews are displayed:

  • Underfulfillments: Only reviews that have a sum greater than 0. The larger the sum, the worse.
  • Overfulfillments: Only reviews that have a negative sum. The smaller the sum, the better.
  • All: All reviews, regardless of whether the sum of the deviations is positive or negative.

The sorting influences whether you are presented with the worst results (highest positive sum of deviations) or the best deviations (lowest positive sum of deviations, but no overfulfillments).

  • Closed assessments only: With this option, only completed reviews are taken into account.
  • Include historical gaps: By default, the most recent versions of repeatedly run reviews are included. However, by using this checkbox, older versions of reviews can also be taken into account.

If no analysis period is selected, all deviations from all analysis periods are displayed. It is also possible to restrict the organizational units from which the checks must originate.

The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.

Double-clicking on a gap opens the corresponding analysis with the gap.


Top risks/opportunities

This KPI is a listing of the top risks and opportunities of the management system. The displayed risks and opportunities are thus ranked according to their risk score. The higher up, the greater the risk. The further down, the greater the opportunity.

Alternatively, it is also possible to switch to entities. This will display those entities that are most at risk.

The triangles provide information about how dangerous a risk is and how at risk an entity is. The dice provide information about how good an opportunity is. If you move the mouse pointer over them, the respective risk score is displayed.

Double-clicking on a risk/entity will take you to the corresponding risk/opportunity/entity.


Top review objects

This KPI provides the review objects with the highest sum of gaps according to the Target score weighting of the selected protection target and audits.

The sum of deviations according to target score weighting of the review objects assigned to the audits always refers to the current target score. This means that even if the deviations are limited to a specific analysis period, they are examined with the target score of the current analysis period.

It is also possible to configure which review objects are displayed:

  • Underfulfillments: Only review objects that have a sum greater than 0. The larger the sum, the worse.
  • Overfulfillments: Only review objects that have a negative sum. The smaller the sum, the better.
  • All: All review objects, regardless of whether the sum of the gaps is positive or negative.

The sorting influences whether you are presented with the worst results (highest positive sum of deviations) or the best deviations (lowest positive sum of deviations, but no overfulfillments).

  • Closed assessments only: With this option, only review objects from completed reviews are taken into account.
  • Include historical review objects: By default, the most recent versions of multiple-valued review objects are included. However, this checkbox can also be used to include older versions of the review objects.

If no analysis period is selected, all review objects from all analysis periods are displayed. It is also possible to restrict the organizational units from which the reviews of the review objects are taken.

The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.

Double-click on an applied topic to open the corresponding analysis with the applied topic.