Working with controls

A control can be any plan of action to mitigate a risk in your organization. The control will reduce the severity and the impact of the risk and lower the chance of that risk happening in your organization.

Adding a control

Perform the following steps to add a control in the Risk Manager:

  1. Open the Risk Manager app.

    The Risk Manager home page opens.

  2. Go to the Controls tab and click + Add Control.

    The Add Control dialog box opens.

  3. In the Add Control panel, enter a name for your control.
  4. Add any other details necessary, and click one of the following:
    • Add Control to save the control and close the panel.
    • Save & Add New to save the control and add another one.

    Result After adding, your controls are created.

  5. Optional. Click on the control name to view the detailed control page and add more details.

Add or change the owner of a control

To add or update the owner of a control, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager home page opens.

  2. Click the Controls tab.
  3. From the Control list, click on the name of the control where you want to add or update the owner.

    The Details tab opens.

  4. In the Control Owner field, select a user and click Save Changes.

    Result The control is assigned to the user selected, and an email notification is sent to the assigned user.

Moving a control through different workflows

After creating a control, you can advance it through different workflow states based on your needs and requirements. Some workflow states may require certain fields to be filled in; ensure that you meet the criteria before advancing the control.

To move a control from Draft to Identification state, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager home page opens.

  2. Go to the Control tab, and click on the name of the control you want to work with.

    The control page opens with the Details tab.

  3. Enter the information about the control, including the ID, description, and owner, and click Save Changes.
  4. Click Identify in the top right.

    Result The workflow status changes to Identification.

Note

You can follow the same steps mentioned above to advance the control through the rest of the workflow states according to your needs.

Linking a control to different objects

A control is related to different assets and other library objects across your organization. Capturing this relationship and linking the control to the library objects sets a context for the control in the library and its impact on the related objects.

To link a control to different objects, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager home page opens.

  2. Click on the name of the control you want to work with.

    The detailed control page opens with the Details tab.

  3. Go to the Relationship tab and do the following:
    • To link a risk, click Link Risks.

      The Link Risks dialog box opens.

      1. Select the type of risk and the risk.
      2. Click Link Risks.

        Result The risk is linked to the control.

    • To link an asset, click Link Assets.

      The Link Assets dialog box opens.

      1. Select the type of asset and the asset.
      2. Click Link Assets.

        Result The asset is linked to the control.

    • To link a control assessment, click Link Control Assessments.

      The Link Control Assessments dialog box opens.

      1. Select the type of control assessment and the control assessment.
      2. Click Link Control Assessments.

        Result The control assessment is linked to the control.

Note

  • You can follow the same steps as above to link a control to additional library objects such as other controls, processes, and objectives, if these objects are configured in Risk Manager.
  • You can quickly link objects from the home page by expanding the control row and clicking Add Relationship. This is applicable only if you have not yet linked the control to any object.
  • When you link objects with each other, a two-way link is created. For example, when you link your risk to a control, the linked risk is displayed in the Relationship tab of the control and the control is displayed in the Relationship tab of the risk. If the links are not working both ways, contact Support for assistance.

Unlink the control from other objects

You can unlink relationships of a control with different assets and other library objects.

To unlink a control relationship, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager home page opens.

  2. Click on the control you want to work with.

    The detailed control page opens with the Details tab.

  3. Go to the Relationship tab and click the unlink icon on the object that you want to remove the link from.

    The Unlink relationship dialog box opens.

  4. Click Unlink Object.

    Result The link is removed from the control.

Associating a control with an organizational unit

Create a relationship between a control in Risk Manager and an organizational unit. Organizational units constitute the foundation of the enterprise, linking diverse organizational entities across different company segments. This hierarchy also stores departmental and business unit details. You can relate a control to multiple organizational units.

Here is how you can associate a control with an organizational unit:

  1. Open the Risk Manager app.

    The Risk Manager home page is displayed.

  2. Under the Control tab, select the name of the control that you want to update.

    The control details page is displayed.

  3. Under the Details tab, in the Related Org Unit field, search for and select any of the preconfigured organizational units you want to relate the control to.

  4. Select Apply Selection.

  5. Select Save Changes.

    Result The control is updated. On the Risk Manager home page, under the Control tab, you can view the organizational unit associated with the specific risk under the Org Unit column.

Note

The organizational unit hierarchy is preconfigured by the system admins in your organization. For more information about the hierarchies in the organizational structure, contact your system admin. If you are a system admin, you can view the list of preconfigured organizational units in the platform settings (navigate to Platform Settings and click Org Structure). To learn more about Organizational Units, see Overview of Organizational Structure.

Assessing a control

Once your control is added and identified, you can assess the control by analyzing the effectiveness of the control.

To assess a control, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager home page opens.

  2. Click on the control you want to assess.

    The detailed control page opens.

  3. Go to the Assessments tab, and click the name of the control assessment to open it.
  4. Ensure you have filled in the necessary information, and then, in the upper right, click Assess.

    Result The workflow status changes to Assessment.

  5. Then, click Approve.

    Result The workflow status changes to Monitoring.

How are control assessments generated?

Control assessments are generated based on the association of a risk with a control.

For more information, see How are assessments generated?

Note

You can also add control assessments manually from the Assessments tab.

Deleting a control

To delete a control, perform the following steps:

  1. Open the Risk Manager app.

    The Risk Manager home page opens.

  2. Click on the control you want to delete.

    The detailed control page opens.

  3. In the upper right, click More options and then Delete.
  4. In the confirmation dialog box, click Delete again.

    Result The control is deleted.