Working with controls
A control can be any plan of action to mitigate a risk in your organization. The control will reduce the severity and the impact of the risk and lower the chance of that risk happening in your organization.
Adding a control
Here is how you can add a control in Risk Manager:
- From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.
- Go to the Controls tab and select + Add Control.
The Add Control dialog box opens.
- In the Add Control panel, enter a name for your control.
- Add any other details necessary, and select one of the following:
- Add Control to save the control and close the panel.
- Save & Add New to save the control and add another one.
After adding, your controls are created.
- (Optional) Select the control name to view the detailed control page and add more details.
Add or change the owner of a control
Here is how you can add or update the owner of a control:
- From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.
- Select the Controls tab.
- From the Control list, select the name of the control where you want to add or update the owner.
The Details tab opens.
- In the Control Owner field, select a user and select Save Changes.
The control is assigned to the selected user and an email notification is sent to the assigned user.
Moving a control through different workflows
After creating a control, you can advance it through different workflow states based on your needs and requirements. Some workflow states may require certain fields to be filled in; make sure you meet these criteria before advancing the control.
Here is how you can move a control from Draft to Identification state:
- From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.
- Go to the Control tab, and select the name of the control you want to work with.
The control page opens with the Details tab.
- Enter the information about the control, including the ID, description, and owner.
- Select Save Changes.
- Select Identify in the top right.
The workflow status changes to Identification.
Note
You can follow the steps mentioned above to advance the control through the rest of the workflow states according to your needs.
Linking a control to different objects
A control is related to different assets and other library objects across your organization. Capturing this relationship and linking the control to the library objects sets a context for the control in the library and its impact on the related objects.
Here is how you can link a control to different objects:
- From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.
- Select the name of the control you want to work with.
The detailed control page opens with the Details tab.
- Go to the Relationship tab and do the following:
- To link a risk, select Link Risks.
The Link Risks dialog box opens.
- Select the type of risk and the risk.
- Select Link Risks.
The risk is linked to the control.
- To link an asset, select Link Assets.
The Link Assets dialog box opens.
- Select the type of asset and the asset.
- Select Link Assets.
The asset is linked to the control.
- To link a control assessment, select Link Control Assessments.
The Link Control Assessments dialog box opens.
- Select the type of control assessment and the control assessment.
- Select Link Control Assessments.
The control assessment is linked to the control.
Note
- You can follow the same steps as above to link a control to additional library objects such as other controls, processes, and objectives, if these objects are configured in Risk Manager.
- You can link objects from the home page by expanding the control row and clicking Add Relationship. This is applicable only if you have not yet linked the control to any object.
- When you link objects with each other, a two-way link is created. For example, when you link your risk to a control, the linked risk is displayed in the Relationship tab of the control and the control is displayed in the Relationship tab of the risk. If the links do not work both ways, contact Support for assistance.
Unlink the control from other objects
You can unlink relationships of a control with different assets and other library objects.
Here is how you can unlink a control relationship:
- From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.
- Select the control you want to work with.
The detailed control page opens with the Details tab.
- Go to the Relationship tab and select the unlink icon on the object that you want to remove the link from.
The Unlink relationship dialog box opens.
- Select Unlink Object.
The link is removed from the control.
Associating a control with an organizational unit
Create a relationship between a control in Risk Manager and an organizational unit. Organizational units constitute the foundation of the enterprise, linking diverse organizational entities across different company segments. This hierarchy also stores departmental and business unit details. You can relate a control to multiple organizational units.
Here is how you can associate a control with an organizational unit:
- From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.
- Under the Control tab, select the name of the control that you want to update.
The control details page is displayed.
- Under the Details tab, in the Related Org Unit field, search for and select any of the preconfigured organizational units you want to relate the control to.
- Select Apply Selection.
- Select Save Changes.
The control is updated. On the Risk Manager home page, under the Control tab, you can view the organizational unit associated with the specific risk under the Org Unit column.
Note
The organizational unit hierarchy is preconfigured by the system admins in your organization. For more information about the hierarchies in the organizational structure, contact your system admin. If you are a system admin, you can view the list of preconfigured organizational units in the platform settings (navigate to Platform Settings and select Org Structure). To learn more about Organizational Units, see Organizational Structure.
Creating a control assessment
To assess the potential threat level of a control to the organization, risk managers can add control assessments to controls. Assessments are generated based on the objects they are linked to. To learn more, see How are assessments generated?.
Here is how you can create a control assessment:
- From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.
- Under the Control tab, select the control for which you want to create a control assessment.
- On the Control Details page, go to the Control Assessment tab.
- Select Add Control Assessment.
- In the Add Control Assessment dialog box:
- Enter a name for the control assessment.
- Select Add Control Assessment.
- On the Control Assessments Details page, do the following:
- Provide a reference ID and add a description.
- Assign an owner for the risk assessment.
- (Optional) Select an organizational unit.
- Select values for Likelihood, Impact and Residual Risk Score.
- Select Save changes.
The control assessment is created and an email is sent to the assessment owner with the link to the assigned assessment.
Enter the required details for the control assessment and select Save changes.
Assessing a control
After adding and identifying the control, you can assess the control by analyzing the effectiveness of the control.
Here is how you can assess a control:
- From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.
- Select the control which you want to assess.
- On the Control Details page, go to the Control Assessment tab.
- On the Control Assessment Details page, select the control assessment you want to assess.
- On the Control Assessments Details page, do the following:
- Provide a reference ID and add a description.
- Assign an owner for the control assessment.
- (Optional) Select an organizational unit.
- Select values for Likelihood, Impact and Residual Risk Score.
- Select Save Changes to update the control assessment.
How are control assessments generated?
Control assessments are generated based on the association of a risk with a control.
For more information, see How are assessments generated?
Note
You can also add control assessments manually from the Assessments tab.
Deleting a control
Here is how you can delete a control:
- From the Launchpad home page (www.highbond.com), select the Risk Manager app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Risk Manager app. The Risk Manager home page opens.
- Select the control you want to delete.
The detailed control page opens.
- In the upper right, select More options and then select Delete.
- In the confirmation dialog box, select Delete.
The control is deleted.