Introducing Risk Controls
Risk Controls are the measures and procedures implemented to manage and mitigate identified risks, ensuring they remain within acceptable levels. These controls can be policies, standards, procedures, and physical or technical safeguards. Each risk can be linked to one or multiple Risk Controls, and as a result we can see for each Risk Control what risks are managed or impacted by it.
Benefits of Risk Controls
Risk Controls is an optional feature; risks can be managed without the Risk Control table being populated. However, there are many benefits to using Risk Controls:
- Consistency: Ensures that Risk Controls are applied consistently across the organization, reducing variability in risk management practices.
- Efficiency: Streamlines the risk management process by providing a centralized repository of proven controls, saving time and resources in developing new measures for each identified risk.
- Effectiveness: Enhances the effectiveness of risk management by using established, tested controls that have been linked to specific risks, ensuring appropriate responses.
- Accountability: Improves accountability by clearly documenting which controls are in place for each risk, who is responsible for their implementation, and how they are monitored.
- Compliance: Facilitates compliance with regulatory requirements by maintaining comprehensive records of risk controls and their application.
- Adaptability: Allows for easier updates and adaptations to controls as new risks emerge or existing risks evolve, ensuring the organisation remains responsive to changing conditions.
- Insight and Reporting: Provides valuable insights and aids in reporting to stakeholders by demonstrating how risks are managed and mitigated through specific controls, supporting transparency and informed decision-making.
Risk Control Types
Risk Controls are categorized into different Control Types, as follows:
Control Type | Explanation | Examples |
Preventative | Measures designed to prevent risks or undesirable events from occurring. These controls are proactive and aim to reduce the likelihood of risk incidents by eliminating potential causes or mitigating their impact before they manifest. | |
Directive | Provide guidance and directives to ensure desired outcomes. These controls establish clear expectations, standards, and instructions for employees to follow, promoting compliance and consistent behaviour within the organisation. | |
Detective | Measures designed to identify and detect risks or undesirable events that have already occurred. These controls provide mechanisms for monitoring, alerting, and reporting incidents, enabling timely responses to minimize impact. | |
Corrective | Measures implemented to correct and mitigate the impact of risks or undesirable events that have already occurred. These controls focus on restoring systems, processes, and operations to their normal state and preventing recurrence. | |
Viewing Defined Risk Controls
Click on Risk Controls in the menu to view existing records.
Use the Show Chart button in the top left to reveal a bar chart, counting Risk Controls by Control Group (you can click into the chart to select a group as a filter for records shown in the list).
Adding/Editing Risk Control Records
Click on the + New button at the top of the screen to add a new Risk Control, or edit an existing record in the list.
Risk Control Fields Explanations
Field | Comment |
Title | Name of the Risk Control |
Control Group | Select the appropriate group from the list of configurable Control Groups. This group will help with searching and reporting of controls. |
Type of Control | Choose from Preventative, Directive, Detective, Corrective (see explanation above) |
Control Category | Choose either Process or Hardware. |
Quality Process | If Control Category is Process, then this field is shown. Please select the relevant process from the list that supports this Control (maintained in the Quality Process table). |
Assessment Type | Pick the appropriate value from the list to define how this control will be assessed (or not). |
Description | Description of the control |
Dependencies | Narrative to describe what else must be in place for this control to be effective |
Notes | Various Notes (e.g. describe how control is assessed if Assessment Type is 'Other') |
Control Assessment Frequency (Days) | Enter a number of days to define the assessment frequency, used to calculate Next Assessment Date |
Latest Control Assessment | Filled in by the Control Assessment process to link to the latest assessment. |
Next Assessment Date | Calculated from the most recent assessment, based on the Control Assessment Frequency value entered above |
Link (URL) | Enter a URL to related content, to allow easy navigation to it (e.g. a document published on your intranet). |
Risk Control Assessments
The application allows for Controls to be assessed on a regular basis, by capturing assessment records. These are shown at the bottom of the Risk Control screen. There you can add new assessments or edit existing records.
Details of the most recent assessment are shown in a separate box next to the Control entry form.
Assessment data fields are explained below:
Field | Comment |
Name | The name will be generated by the system, to include a unique ID and the name of the related control (e.g. "Control Assessment ID 1010 for Control Financial Stability Checks") |
Assessment Date | Date when assessed |
Assessed By | System user entering the assessment |
Control Design | Pick a value: Appropriate, Insufficient, Not Assessed |
Control Effectiveness | Pick a value: Fully, Not Fully, Not Assessed |
Notes | Misc. notes for this Control assessment |
Once saved, the details of the most recent assessment will be shown for the Risk Control in the Risk Control form and views.