Raiffeisen as part of it's use-case testing would like to
• Identify risks which aren’t covered by any control
• Identify assets which are not affected by a dedicated risk
I tried Orphans - but the Assets are related to the Orgs and the Risks related to the Assets), so they don't show up there.
Within the product, with reports available OOTB how would it be possible to identify all
Risks which are not covered by any control? The RCM Report would have been an option but it is not available in the IT Compliance app
Assets which are not affected by a dedicated risk. Assets affected show up, but how do you identify the remaining ones - Is the only option to look at the sum total and subtract it from there.
If a method to identify with a 'none-selected' in the Related Controls in the Risks Library Report were there, all such Risks with no controls linked to them (even though Orgs/Assets are linked to them and are therefore not 'orphans') would be useful.
Thanks.