Setting Risk Controls

Risk controls are used for review purposes: they ensure that any changes to the risk are identified. Control reviews are used for determining the quality of the controls.

Risk Control Concept

Process Owners can set controls for risks and regularly review them. A control is a way of monitoring a risk. It does not contain a concrete action, that is, it cannot actually reduce the risk, but it ensures that any changes caused by the risk are identified. Control reviews are used for determining the quality of the controls.

Adding a Control

Prerequisites

You must be the owner of the process.

A risk has been added to a process or process element.

The risk is not published.

You must enter at least the title and review frequency (default: Annually) of a control before you can save it.

Context

You should set controls for risks and review them regularly when processes or process elements that are particularly risky, or that offer many opportunities, require regular attention.

The review frequency of a control determines how often control data is reviewed to check the quality of the control.

Implementation rules for controls support the relevance of reviews.

You can set multiple controls per risk.

How to proceed

  1. Select the process or process element with the risk you want to control.

    The existing risks are listed.

  2. Click on the risk you want to control.

    Detailed information is expanded.

  3. Click on Add Control to add a control to the risk.

    The dialog of the same name appears.

  4. Give the control a Title and a Description.

  5. Select the Control Frequency, Control Mode and Control Mechanism.

  6. Click on Owner and select who should be responsible for the control.

  7. Select the Review Frequency for the control.

  8. Enter a reference or link to the implementation rules and verification for the controls as Location of Proof.

  9. Click on Submit Control.

    The control is shown in the Controls list.

    The risk can be identified by the icon.

Control Reviews

Prerequisites

You must be the owner of the process.

A control has been added to a risk and this risk is published.

Context

The control reviews are used for determining the quality of the controls.

You can review a control in the Overview tab in the respective risk analysis for a process.

How to proceed

  1. Click on the control you want to review in the Controls section in the risk's Details view.

    Control details are expanded.

  2. Click on Review Now for the first review or on Review Again.

    The Review Risk Control dialog appears.

  3. Review the control using the following criteria: Realization, Design, Efficiency and Adequacy.

    Filling in these criteria automatically calculates the Overall Review.

  4. Select "Overall Rating" if you want to set another overall rating.

  5. If applicable, enter Weaknesses for the control.

  6. Click on Submit Review.

    The review is shown in the Reviews list.

    The overall rating is highlighted.

    Click on to edit the control review.