Working with controls

A control can be any plan of action to mitigate a risk in your organization. The control will reduce the severity and the impact of the risk and lower the chance of that risk happening in your organization.

Adding a control

Perform the following steps to add a control in the Risk Manager:

  1. Open the Risk Manager app.

    The Risk Manager homepage opens.

  2. Go to the Controls tab and click + Add Control.

    The Add Control dialog box opens.

  3. In the Add Control panel, enter a name for your control.
  4. Add any other details necessary, and click one of the following:
    • Add Control to save the control and close the panel.
    • Save & Add New to save the control and add another one.

    Result: After adding, your controls are created.

  5. Optional. Click on the control name to view the detailed control page and add more details.

Add or change the owner of a control

To add or update the owner of a control, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager homepage opens.

  2. Click the Controls tab.
  3. From the Control list, click on the name of the control where you want to add or update the owner.

    The Details tab opens.

  4. In the Control Owner field, select a user and click Save Changes.

    Result: The control is assigned to the user selected, and an email notification is sent to the assigned user.

Moving a control through different workflows

After creating a control, you can advance it through different workflow states based on your needs and requirements. Some workflow states may require certain fields to be filled in; make sure you meet these criteria before advancing the control.

To move a control from Draft to Identification state, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager homepage opens.

  2. Go to the Controls tab, and click on the name of the control you want to work with.

    The control page opens with the Details tab.

  3. Enter the information about the control, including the ID, description, and owner, and click Save Changes.
  4. Click Identify in the top right.

    Result: The workflow status changes to Identification.

Note

You can follow the same steps mentioned above to advance the control through the rest of the workflow states according to your needs.

Linking a control to different entities

A control is related to different entities across your organization, such as risks, assets, etc. It is important to capture this relationship and link the control with these entities.

To link a control to different entities, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager homepage opens.

  2. Click on the name of the control you want to work with.

    The detailed control page opens with the Details tab.

  3. Go to the Relationship tab and do the following:
    • To link a risk, click Link Risks.

      The Link Risks dialog box opens.

      1. Select the type of risk and the risk.
      2. Click Link Risks.

        Result: The risk is linked to the control.

    • To link an asset, click Link Assets.

      The Link Assets dialog box opens.

      1. Select the type of asset and the asset.
      2. Click Link Assets.

        Result: The asset is linked to the control.

    • To link a control assessment, click Link Control Assessments.

      The Link Control Assessments dialog box opens.

      1. Select the type of control assessment and the control assessment.
      2. Click Link Control Assessments.

        Result: The control assessment is linked to the control.

Note

  • You can follow the same steps as above to link a control to additional entities such as other controls, processes, and objectives, if these entities are configured in your Risk Manager.
  • You can also quickly link to entities from the home page by expanding the control row and clicking Add Relationship. This is applicable only if you have not yet linked the control to any entity.
  • When you link entities with each other, a two-way link is created. For example, when you link your risk to a control, the linked risk is displayed in the Relationship tab of the control and the control is displayed in the Relationship tab of the risk. If the links do not work both ways, contact Support for assistance.

Unlink the control from other entities

You can unlink relationships of a control with different entities such as assets, controls, and assessments.

To unlink a control relationship, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager homepage opens.

  2. Click on the control you want to work with.

    The detailed control page opens with the Details tab.

  3. Go to the Relationship tab and click the unlink icon on the object that you want to remove the link from.

    The Unlink relationship dialog box opens.

  4. Click Unlink Object.

    Result: The link is removed from the control.

Assessing a control

Once your control is added and identified, you can assess the control by analyzing the effectiveness of the control.

To assess a control, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager homepage opens.

  2. Click on the control you want to assess.

    The detailed control page opens.

  3. Go to the Assessments tab, and click the name of the control assessment to open it.
  4. Ensure you have filled in the necessary information, and then, in the upper right, click Assess.

    Result: The workflow status changes to Assessment.

  5. Then, click Approve.

    Result: The workflow status changes to Monitoring.

How are control assessments generated?

Control assessments are generated based on the association of a risk with a control.

For more information, see How are assessments generated?

Note

You can also add control assessments manually from the Assessments tab.

Deleting a control

To delete a control, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager homepage opens.

  2. Click on the control you want to delete.

    The detailed control page opens.

  3. In the upper right, click More options and then Delete.
  4. In the confirmation dialog box, click Delete again.

    Result: The control is deleted.