# Risk and Opportunity Management

## Risk Registry

* Navigate to **GRC / Risk and Opportunity Management** and open the **Risk Registry**.
* Initially, system-assigned risk registry items for related control items are displayed.
* Click the **Title** of a risk to edit details.
* **Basic Parameters** for a risk include:

  * **Title**: Non-editable.
  * **Category**: Risk or Opportunity.
  * **Status**: Open / Planned / In Progress / Rejected / Accepted / Completed / Completed & Verified.
  * **Description**: Risk description.
  * **Risk Type**: Internal, Third-Party, Compliance, Reputational, Technology, Operational, Strategic, Financial.
  * **Risk Owner Users / Groups**: Assign responsible users or groups.
  * **Other Assets**: Select Non-IT assets or create new ones via **GRC / Asset & Document Management**.
  * **Max Impact Assets**, **Risk Level**, **Likelihood**, **Impact**, **Confidentiality**, **Integrity**, **Availability**, **Residual Risk Level**, **Residual Risk Likelihood**, **Residual Risk Impact**, **Risk Treatment Option**, **Risk Treatment Type**, **Risk Treatment Description**, **Risk Controls**.

  **Note:** If predefined parameters are insufficient, they can be extended in **Evidence & Parameter Management**.

<figure><img src="/files/72ETu1KOD22aHXfQNr56" alt=""><figcaption></figcaption></figure>

## Advanced Parameters

* Process and Services can be selected or newly created.
* Rejection Reason, Discovered Assets, Max Importance Assets, and Detected Risk Score can be managed.
* Financial Impact / Cost, Expected / Actual Completion Dates, Review Dates, Risk Treatment State, and assignments to users and groups can also be configured.

<figure><img src="/files/fRHys4AG3rXPOmMj27Kr" alt=""><figcaption></figcaption></figure>

## Control Mappings

* Map risks to standards, incidents, classification rules, notable events, ToDos, evidences, documents, document templates, and control activities.

<figure><img src="/files/vvQcgKNR7K9sSELaIKpx" alt=""><figcaption></figcaption></figure>

## Activities

* Add activities via **Add Activity**.

## Risk Management Templates

* System-assigned risk items not linked to control items are displayed here.
* Use the three-dot menu → **Create Risk Registry Item** to create a new risk registry item.

<figure><img src="/files/i7u26dNKRaWspPZbPd62" alt=""><figcaption></figcaption></figure>

## Process Management

* View or edit existing processes.
* Create new processes with Name, Description, Status (Active / Inactive), Owner Users, and Owner Groups.

## Services Management

* View or edit existing services.
* Create new services with Name, Description, Owner Users, Owner Groups, Process, Value / Currency, and Related Assets.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudcyte.com/getting-started/grc-management/risk-and-opportunity-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.