Risk Manager Path
Set up risk quantification as a delegable operating model: shared taxonomy, explicit budgets, and repeatable monetary outputs across projects.
Outcome
You leave this path with:
- a consistent organization risk taxonomy (categories, risks, threat vectors)
- monetary risk appetite and allocations that enable quantification in projects
- a portfolio view of exposure that can be reviewed and adjusted over time
Time to first value: 60–120 minutes
Prerequisites: you are an Organization Risk Manager (or Organization Admin)
Path at a glance
1. Review the taxonomy: Validate categories, risks, and threat vectors
2. Set budgets: Define monetary appetite and allocations
3. Support projects: Enable teams to quantify the top threats
4. Review exposure: Use portfolio rollups to steer investment
Step 1: Review the organization risk taxonomy
Goal: create a shared language for rollups and budgeting.
Where in Modulos
- Organization → Risk Management → Category Taxonomy
- Organization → Risk Management → Risk Taxonomy
- Organization → Risk Management → Threat Vector Taxonomy
Do this
- Confirm categories match how leadership wants to see rollups (for example technical, legal, operational).
- Ensure risk wording is reusable and consistent across projects.
- Ensure threat vectors are specific enough to quantify and to assign mitigations.
You’re done when
- projects can reuse the taxonomy without inventing their own definitions
Step 2: Set monetary risk appetite and allocations
Goal: turn risk appetite into an operating model with explicit budgets.
Where in Modulos
- Organization → Risk Management → Risk Limits for total appetite and category allocations
- Organization → Risk Management → Project Risk Limits to allocate appetite across projects
Do this
- Set the total monetary risk appetite for the organization.
- Allocate appetite across categories.
- Allocate appetite across projects so project teams can quantify within an explicit budget.
You’re done when
- budgets are consistent and quantification is not blocked by missing allocations
Step 3: Support project quantification
Goal: help project teams produce monetary outputs they can act on.
Where in Modulos
- Project → Risks to manage project risks and threat selection
- Project → Risks → select a risk threat → Quantify to run quantification
Do this
- Ensure each project has an appropriate project risk limit.
- Encourage teams to start with the highest-impact threats and quantify iteratively.
- Use the organization taxonomy to keep rollups consistent across projects.
You’re done when
- each active project has at least a first-pass quantified threat that contributes to rollups
Step 4: Review portfolio exposure and steer investment
Goal: make risk visible and comparable across projects.
Where in Modulos
- Organization → Risk Management → Risk Overview for portfolio rollups
- Project → Risks for project-level exposure and prioritization
Do this
- Review category and project exposure against budgets.
- Identify outliers and ask for re-quantification when systems, vendors, or controls change.
- Use monetary exposure to prioritize treatment and investment across teams.
You’re done when
- the portfolio view is used as a steering signal, not a static dashboard
Next handoff
- Compliance Lead: Use quantified risk to prioritize the governance backlog and evidence plan
- AI Product Owner: Keep the AI system scope and lifecycle stage current for governance decisions
- Reviewer & Internal Audit: Validate that quantified risks and mitigations are backed by evidence and traceable decisions