Detailed information regarding RASEN support for the key areas and levels below is available by selecting them. Supported areas have a blue background.
| Legal and compliance assessment | Risk assessment | Security testing | Tool support |
|---|---|---|---|
| Systematic and risk driven | Real time assessment | Continuous risk-based testing | Integrated |
| Systematic compliance assessment | Quantitative assessment | Risk based testing | Partially Integrated |
| Check list based compliance assessment | Qualitative assessment | Planned testing | Stand alone |
| Ad-hoc compliance assessment | Checklist assessment | Unstructured testing | None |
Risk assessment – Check list assessment
Risk assessment is the overall process of risk identification, risk estimation and risk evaluation.

Risk identification is the process of finding, recognizing and describing risks. This involves identifying sources of risk, areas of impacts, events (including changes in circumstances), their causes and their potential consequences. Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholders’ needs.

Risk estimation is the process of comprehending the nature of risk and determining the level of risk. This involves developing an understanding of the risk. Risk estimation provides the basis for risk evaluation and decisions on whether risks need to be treated, and on the most appropriate risk treatment strategies and methods.

Risk evaluation is the process of comparing the results of risk estimation with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable. Risk evaluation assists in the decision about risk treatment.

At this level, risk assessment mainly consists of answering a sequence of questions or filling in a form.