Slide shows a high level overview of the different data elements within GRC Risk Management, for details please review Appendix 2 “Detailed Data Structure” Risk Management data structure consists of two major aspects that includes a general structure visible in reporting and a structure visible in data maintenance Organizational Unit Arranged in an Org Unit hierarchy, e.g. according to HR-Org Headed by a named Org Unit Manager, with Risk Manager(s) assigned to it Main entry point for analyzing the risk situation based on organizational unit specific thresholds Activity Any business related activity that needs to be monitored through dedicated risk management Activities help structuring risk management in different aspects of the business and later might be used for different Typical types of activities are Processes: potentially all operational and admin processes within an enterprise Projects: potentially all internal and customer projects Objects: generic activity that is neither a project nor a process (e.g. “Production Plant A”) Risks Named uncertain event or condition that has a negative effect on the business. Risks are assigned to Processes Projects or Objects within a certain Organizational Unit Risk Categories Grouping of different risks (from different activities) that can be used to roll-up and aggregate risk