Inadequate/Ineffective monitoring/ Supervision

External factors

Failure or absence of controls

Errors/Mistakes/Oversight 

Business Disruption Impact for External Stakeholders

Internal Business Disruption with regard to General Maintenance, Facilities, and Information Technology issues

Breach of RTLs

Physical Security Threats

Control Design Gap

Principal Risk Level-II

Risk Description

Risk Tolerance Limits

Incident Reporting Interactive Software

  Integrated Risk Incident Reporting Software

Integrated Risk Management and Incident Reporting Solution

Integrated Risk Monitoring and Incident Reporting System

Vendors / Contractors / Support Staff

Ex-employees

Only (i)

Both (i) and (ii)

No

Yes, with approval of DIT, CO

Yes, with approval of CISO

Yes, can be used as per the requirement of the BA without any approval

IT and Non-IT

Confidential and General

Material and General

Core and Non-Core