As defined in BS31000, a control is any process, policy, device, practice, or other actions that modify risk. Each control may be assessed according to whether it has yet been implemented, it is in place but not been subject to suitable assurance activity or it is fully in place and tested on an on-going basis.
Multiple controls can be raised against a risk and these can be assessed independently.
- Select the organisation unit of the risk/issue from the side menu.
-
Find the risk/issue in the risk list and click on it's title. You may need to use the vertical scroll bars to see the whole list.
-
When the risk maintenance page appears click on the Controls tab
. -
Click on the Create Control button
. -
Enter the Control Description which defines the control which is already in place or is due to be put in place.
-
Click the radio control to indicate your Assessment of the control.
-
Click the OK button
. -
Repeat steps 5 to 8 for each control you wish to add.
-
Click the Submit/Save button
.
A Risk is shown as controlled when the Current or Residual Score of the risk is equal to or less than the Target Score, and these scores should reflect the status of associated action plans and control measures
See Also
Comments
0 comments
Please sign in to leave a comment.