Risikomanagement Dashboard/en: Difference between revisions
KoKl (talk | contribs) No edit summary |
KoKl (talk | contribs) No edit summary |
| Zeile 162: | Zeile 162: | ||
This KPI provides information about resources in terms of their protection requirements. Without a filter, the KPI displays the [[Special:MyLanguage/Risikopolitik#Schutzbedarf|protection requirement classes]] derived from the most critical values of each [[Special:MyLanguage/Risikopolitik#Schutzziele|protection goal]]. However, you can also filter by a protection target, which will display the resulting protection requirement classes. | This KPI provides information about resources in terms of their protection requirements. Without a filter, the KPI displays the [[Special:MyLanguage/Risikopolitik#Schutzbedarf|protection requirement classes]] derived from the most critical values of each [[Special:MyLanguage/Risikopolitik#Schutzziele|protection goal]]. However, you can also filter by a protection target, which will display the resulting protection requirement classes. | ||
You can sort the resources included by protection objectives or filter them by model segments. Protection requirements are displayed in the colors defined under Risk Management > Risk Policy > Protection Requirements. The KPI can be filtered to show only the current management system or display protection requirements across all management systems. | |||
Die Datenselektion erfolgt entweder im Bearbeitungsmodus, über das Dialogfenster oder es wird die Datenselektion im Ansichtsmodus aktiviert. Ein Doppelklick auf ein Kreissegment öffnet einen Auswahldialog, in dem die jeweiligen Ressourcen aufgelistet werden. Die Ressourcen können auch mittels Doppelklick geöffnet werden. | Die Datenselektion erfolgt entweder im Bearbeitungsmodus, über das Dialogfenster oder es wird die Datenselektion im Ansichtsmodus aktiviert. Ein Doppelklick auf ein Kreissegment öffnet einen Auswahldialog, in dem die jeweiligen Ressourcen aufgelistet werden. Die Ressourcen können auch mittels Doppelklick geöffnet werden. | ||
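Review bot: The added paragraph introduces a third term, "protection objectives", for what the paragraph before it calls "protection goal" and then "protection target"; pick one term and use it in both paragraphs so readers do not assume three different filters. The context paragraph that follows the addition ("Die Datenselektion erfolgt entweder im Bearbeitungsmodus, ...") is still German on the /en page and should be translated in the same revision, using the wording the other KPI sections already have. The revision also has no edit summary; a one-line summary naming the new sorting and filtering options would help later reviewers.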
Version as of 1 April 2026, 15:26
The risk management dashboard provides Experts, Professionals, and Observers information about risks, compliance coverage, and more of the management system. For this purpose, key performance indicators (KPIs) are available to the dashboard. These can be used to customize the dashboard as desired.
Caution: Only risks that have been evaluated for the damage extent classification of the selected management system are displayed.

Risk management KPIs
The following KPIs are available for the risk management. How to customize and create dashboards is described under create and edit dashboards.
Gap analyses by state
This KPI provides information about the status of the gap analyses in the selected analysis periods. It is possible to restrict whether all analyses, only review results or only gap analyses are to be displayed.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.
Double-clicking on a circle segment opens a selection dialog in which the respective analyses are listed. The analyses can also be opened by double-clicking.

Spider diagrams
Spider diagrams evaluate responses to questions about standards and norms in various ways. The questions come from vulnerability/gap analyses and are evaluated based on standards and norms. To analyze a subchapter of a spider diagram, click on the point of the respective parent chapter in the spider. This selects the chapter and displays all subchapters with their respective coverage: the spider “zooms” one level deeper. To undo the selection, click the back arrow: the spider diagram “zooms” back out.
The data selection feature allows you to apply various types of filters. Among other things, you can filter by organizational units, analysis periods, and reviews. Users with the appropriate add-on licenses can also filter by audits and suppliers. However, it is not possible to filter by deactivated suppliers.
Right-clicking on “Compliance fulfillment” or “Questions Covered (Total)” opens a selection dialog listing the review questions and review results. The chapter, review, and answer are also displayed. Double-clicking on a review question or review result opens the review containing that question.
How much text is displayed around a spider chart depends on the number of displayed chapters, the available space, and whether the KPI is being edited. Using a checkbox, an overview of the currently displayed chapters can be added to the KPI.
Compliance fulfillment
This KPI indicates the extent to which compliance requirements for a standard are being met. The green line represents the target score for the current analysis period. This helps you identify which topics and sections of a standard have been met and which require further attention.
The function Include Mapped Standard Chapters allows you to access the standard mapping between individual standards and norms. This enables you, for example, to evaluate standard “A” using the spider, even if you have only answered questions regarding standard “B.” Data selection is performed either in edit mode via the dialog box, or data selection is activated in view mode.
To calculate the score on the diagram, HITGuard uses the answers to the questions in a vulnerability/gap analysis. The spider diagram collects all assessment questions linked to the relevant section of the standard and calculates the average. “Yes” is assigned a value of 5, “Partially” a value of 3, and “No” a value of 1. Structural questions and questions marked as optional are not included in this calculation.

Questions coverage (percentage)
The questions coverage (percentage) shows, for a selected knowledge base, what share of the test questions linked to a standards chapter has been answered, that is, how many questions out of the total available. Each chapter can reach a maximum of 100%, even if a question is answered more than once. Structural questions are also excluded from the calculation. Thus, the test question coverage of a standard/norm per knowledge base is evaluated here.

Questions coverage (total)
The question coverage (Total) shows how many questions related to a norm/standard chapter have been answered. This includes both review objects created using knowledge base templates and manually created review results. The KPI counts all questions that have been answered or marked as dispensable and sums them up. Structural questions are excluded from this calculation. If a standard chapter is created multiple times as a test object and the same test questions are answered multiple times, the number of answered questions increases accordingly.
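The three spider calculations described above (compliance fulfillment, questions coverage as a percentage and as a total), run over one constructed set of answers. This is an added example, not HITGuard code: the record layout, the chapter label "CH-1", the question ids, and the treatment of "optional" and "dispensable" as the same flag are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Answer values as stated in the text: Yes = 5, Partially = 3, No = 1.
SCORE = {"Yes": 5, "Partially": 3, "No": 1}


@dataclass(frozen=True)
class Answer:
    question_id: str
    chapter: str
    answer: Optional[str] = None  # "Yes", "Partially", "No", or None if unanswered
    structural: bool = False      # structural questions are never counted
    dispensable: bool = False     # assumption: same flag as "optional" in the text


def compliance_score(answers, chapter):
    """Average answer value for a chapter, skipping structural/optional questions."""
    values = [SCORE[a.answer] for a in answers
              if a.chapter == chapter and not a.structural
              and not a.dispensable and a.answer in SCORE]
    return sum(values) / len(values) if values else None


def coverage_percentage(answers, kb_questions, chapter):
    """Share of the knowledge base's questions for a chapter that were answered.

    Distinct question ids are used, so repeated answers cannot exceed 100%.
    Assumption: a dispensable question without an answer does not count here.
    """
    available = {qid for qid, (ch, structural) in kb_questions.items()
                 if ch == chapter and not structural}
    if not available:
        return None
    answered = {a.question_id for a in answers
                if a.chapter == chapter and a.answer in SCORE}
    return 100.0 * len(answered & available) / len(available)


def coverage_total(answers, chapter):
    """Count of answered or dispensable questions; repeated answers count again."""
    return sum(1 for a in answers
               if a.chapter == chapter and not a.structural
               and (a.answer in SCORE or a.dispensable))


# Constructed sample data: question id -> (chapter, structural?)
KB_QUESTIONS = {"Q1": ("CH-1", False), "Q2": ("CH-1", False),
                "Q3": ("CH-1", False), "Q4": ("CH-1", True)}
ANSWERS = [
    Answer("Q1", "CH-1", "Yes"),
    Answer("Q1", "CH-1", "Partially"),       # same question in a second review object
    Answer("Q2", "CH-1", "No"),
    Answer("Q3", "CH-1", dispensable=True),  # marked dispensable, not answered
    Answer("Q4", "CH-1", structural=True),   # structural question
    Answer("M1", "CH-1", "Yes"),             # manually created review result
]

if __name__ == "__main__":
    print("score     :", compliance_score(ANSWERS, "CH-1"))
    print("coverage %:", round(coverage_percentage(ANSWERS, KB_QUESTIONS, "CH-1"), 1))
    print("coverage n:", coverage_total(ANSWERS, "CH-1"))
```

The repeated answer to Q1 and the manual result M1 raise the total count but leave the percentage at two of three knowledge base questions.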

Compliance by knowledge base
Compliance by knowledge base evaluates the review questions of a knowledge base and combines them into average scores. Unlike the "Compliance fulfillment" spider, however, it evaluates the knowledge bases directly instead of evaluating them via the standard. For knowledge bases that deviate from the standard, it therefore gives a different picture than "Compliance fulfillment".
Risk matrix
This KPI provides an overview of how dangerous the individual risks of the management system can be. The further to the top right a risk is located, the more dangerous it is. If the mouse pointer is moved over one of the points in the diagram, it becomes apparent which risk is concerned. By default, no accepted or rejected risks are displayed.
- Risks: This option shows risks.
- Opportunities: This option shows opportunities.
- With accepted risks: Through this option, risks that have already been accepted and are therefore in the "Accepted" status can also be displayed.
- Show risks for this management system only: This option ensures that only the risks from the current management system are displayed. Public risks (as in, not marked as "private") from other management systems are no longer displayed as a result.
- Risk categories: Here, the risk matrix can be restricted so that only risks that are associated with the selected risk categories are displayed. A risk category can be associated with the risk directly in its detail page.
- OrgUnit: Here, the risk matrix can be restricted so that only risks that are associated with the selected organizational units are displayed. An organizational unit can be associated with the risk via the "structural elements" of the risk.
- None & Only Supplier Risks/Opportunities: Use these checkboxes to remove all supplier risks and opportunities, or to limit the risk matrix to these risks/opportunities. Using the selection below, you can further restrict them to specific suppliers. However, it is not possible to filter by deactivated suppliers. Please note that the “deactivated” status only means that the suppliers currently cannot access the supplier portal; it does not mean that the suppliers are no longer relevant to your organization. Therefore, it makes perfect sense to evaluate them.
The time span under the risk matrix can be used to track how risks have developed over a period of time. All you have to do is click on one of the points in the time span. The time span can be adjusted using the arrows on the left and right.
Risks/opportunities by state
This KPI shows an overview of the risks and opportunities by their state and the completeness of the risk/opportunity assessment.
The outer layer displays all risks and opportunities by their state. The inner layer displays risks and opportunities that have not been evaluated or not completely evaluated (missing the probability of occurrence or extent of damage) in relation to the total of existing risks/opportunities. The total number of risks and opportunities that exist as per the set filter is displayed in the middle of the diagram.
It's possible to limit the displayed risks/opportunities to those of the current management system. With a checkbox the KPI can be limited to supplier risks and opportunities. With the selection below it, it can be further limited to specific suppliers. It is not possible, however, to filter by deactivated suppliers.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.
Double-clicking a circle segment opens a dialog in which the respective risks are listed. The risks can also be opened by double-clicking.

Risks/opps over time
This KPI shows an overview of the risks and opportunities by the development of their risk ratio.
The individual risks/opportunities are shown as lines and display dots where the evaluation changes. Additionally, a legend can be shown and the background of the KPI can be colored with the colors of the risk matrix. A timescale allows for filtering the KPI to specific times.
It is possible to limit the shown risks/opportunities to the current management system as well as to filter by risk categories or organizational units. With a checkbox the KPI can be limited to supplier risks and opportunities. With the selection below it, it can be further limited to specific suppliers. However, it is not possible to filter by deactivated suppliers.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.

Risks/opportunities by category
This KPI gives information about the categories that risks and opportunities are assigned to.
It is possible to restrict the considered risks/opportunities to only active risks/opportunities and/or only those of the current management system. With a checkbox the KPI can be limited to supplier risks and opportunities. With the selection below it, it can be further limited to specific suppliers. However, it is not possible to filter by deactivated suppliers.
As risks and opportunities can be assigned to multiple categories, they can also appear multiple times in this KPI (or not at all, if they haven't been categorized). The number of risks/opportunities therefore does not have to correspond to the number of risks/opportunities in the risk matrix. A double-click on a bar segment opens a dialog with a list of the respective risks and opportunities. The risks/opportunities can also be opened with a double-click.

Risks by threats
This KPI gives information about the threats that are assigned to risks.
It is possible to restrict the considered risks and opportunities to only active risks or opportunities and/or only those of the current management system. With a checkbox the KPI can be limited to supplier risks and opportunities. With the selection below it, it can be further limited to specific suppliers. However, it is not possible to filter by deactivated suppliers. Furthermore, it is also possible to show all available threats, thus creating a complete list including also those threats that are not assigned to any risk or opportunity.
As risks can be assigned to multiple threats, they can also appear multiple times in this KPI (or not at all, if they haven't been assigned). The number of risks therefore does not have to correspond to the number of risks in the risk matrix. A double-click on a bar segment opens a dialog with a list of the respective risks. The risks can also be opened with a double-click.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.

Active risks/opportunities and their treatment
This KPI shows a risk treatment overview regarding open and finished measures as well as controls linked to active risks and opportunities.
It contains information about whether treatment measures/controls are overdue or there are active risks that have not been linked with a corrective measure yet. Planned, suspended, and canceled measures are disregarded in this KPI. Submitted, accepted, and rejected risks are also disregarded.
The KPI is divided into an outer and an inner ring. Here, the outer ring shows how many risks have a treatment, complications in their treatment, or no treatment at all. The risks with treatment are further apportioned in the inner circle, and divided into those with completed treatments or treatments in processing. If there are no risks with treatment, the inner circle is not displayed.
It's possible to limit the displayed risks and opportunities to those of the current management system. With a checkbox the KPI can be limited to supplier risks and opportunities. With the selection below it, it can be further limited to specific suppliers. However, it is not possible to filter by deactivated suppliers.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.
Double-clicking a circle segment opens a dialog in which the respective risks are listed. The risks can also be opened by double-clicking.

Resources by protection needs
This KPI provides information about resources in terms of their protection requirements. Without a filter, the KPI displays the protection requirement classes derived from the most critical values of each protection goal. However, you can also filter by a protection target, which will display the resulting protection requirement classes.
You can sort the resources included by protection objectives or filter them by model segments. Protection requirements are displayed in the colors defined under Risk Management > Risk Policy > Protection Requirements. The KPI can be filtered to show only the current management system or display protection requirements across all management systems.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode. Double-clicking on a circle segment opens a selection dialog in which the respective resources are listed. The resources can also be opened by double-clicking.

Protection needs analyses by state
This KPI provides information on the status of the protection needs analyses in the selected analysis periods. It is possible to restrict whether all analyses, only analyses of organizational units or only analyses of processes are to be displayed.
- Include historical analyses: By default, the most recent versions of multiple protection needs analyses for organizational units and processes are displayed. However, this checkbox can also be used to display older protection needs analyses for the organizational units and processes.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.
Double-clicking on a circle segment opens a selection dialog in which the respective protection needs analyses are listed. The protection needs analyses can also be opened by double-clicking.

Top gaps
This KPI provides the audits with the highest sum of deviations according to the Target score weighting of the selected protection target and audits.
The sum of deviations by target score weighting in the reviews assigned to the audits always refers to the current target score. This means that even if the deviations are limited to a specific analysis period, they are examined with the target score of the current analysis period.
It is also possible to configure which reviews are displayed:
- Underfulfillments: Only reviews that have a sum greater than 0. The larger the sum, the worse.
- Overfulfillments: Only reviews that have a negative sum. The smaller the sum, the better.
- All: All reviews, regardless of whether the sum of the deviations is positive or negative.
The sorting influences whether you are presented with the worst results (highest positive sum of deviations) or the best deviations (lowest positive sum of deviations, but no overfulfillments).
- Closed assessments only: By this option only completed reviews are taken into account.
- Include historical gaps: By default, the most recent versions of repeatedly run reviews are included. However, by using this checkbox, older versions of reviews can also be taken into account.
If no analysis period is selected, all deviations from all analysis periods are displayed. It is also possible to restrict which organizational units the checks must originate from.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.
Double-clicking on a gap opens the corresponding analysis with the gap.

Top risks/opportunities
This KPI is a listing of the top risks and opportunities of the management system. The displayed risks and opportunities are thus ranked according to their risk score. The higher up, the greater the risk. The further down, the greater the opportunity.
Alternatively, it is also possible to switch to entities. This will display those entities that are most at risk.
The triangles provide information about how dangerous a risk is and how at risk an entity is. The dice provide information about how good an opportunity is. If you move the mouse pointer over them, the respective risk score is displayed.
Double-clicking on a risk/entity will take you to the corresponding risk/opportunity/entity.

Top review objects
This KPI provides the review objects with the highest sum of gaps according to the Target score weighting of the selected protection target and audits.
The sum of deviations according to target score weighting of the review objects assigned to the audits always refers to the current target score. This means that even if the deviations are limited to a specific analysis period, they are examined with the target score of the current analysis period.
It is also possible to configure which review objects are displayed:
- Underfulfillments: Only review objects that have a sum greater than 0. The larger the sum, the worse.
- Overfulfillments: Only review objects that have a negative sum. The smaller the sum, the better.
- All: All review objects, regardless of whether the sum of the gaps is positive or negative.
The sorting influences whether you are presented with the worst results (highest positive sum of deviations) or the best deviations (lowest positive sum of deviations, but no overfulfillments).
- Closed assessments only: With this option, only review objects from completed reviews are taken into account.
- Include historical review objects: By default, the most recent versions of multiple-valued review objects are included. However, this checkbox can also be used to include older versions of the review objects.
If no analysis period is selected, all review objects from all analysis periods are displayed. It is also possible to restrict the organizational units from which the reviews of the review objects are taken.
The data is selected either in the editing mode, in the dialog window, or by activating data selection in the view mode.
Double-click on an applied topic to open the corresponding analysis with the applied topic.
