Risk Control Development

RISK CONTROL GRID IN THE RISK ASSESSMENT

The risk control grid in the risk assessment is located within the Current Risk Assessment tab.

Column visibility in the control grid is based on the control field configuration, while the column order is based on the configuration set for the control detail area.

The edit and delete controls will be displayed next to the added controls.

Adding a new control to a risk

A new control can be added against a risk by entering the details in the grid and clicking the add icon. When fields are made required in the configuration, those validations are checked. Enter a control title, control owner, control rating and a description.

Linking an existing control to a risk

By clicking the ‘Select Existing Control Template’ button, the user can select an existing control and link it to the risk.

Clicking the button will open a pop-up listing all the existing controls for the organisation. Once an existing control is linked to the risk, its data will be maintained uniquely for that risk.

A search area is provided in the existing control screen so that the user can filter the controls. Fields configured for the search area in the setting screen are displayed here.

User Permissions for adding/linking control to a risk

Editing, deleting and adding are all based on the user's permission for the linked risk.

For example, if the logged-in user does not have permission to edit the risk, the edit/delete and add icons in the control grid will be disabled.

Permission is granted to the control owner and control authorizer to update data except the following:

Security logic implemented on risk controls: Controls are checked or newly identified during the risk assessment process. When a risk is assessed, you check whether any existing controls are in place to minimize the risk of it happening. Risk controls are therefore treated as global templates. Hence, the title can be edited if you have permission to add/edit a risk. Control owners and authorizers are the people who manage the existing control, so the title is not made editable for those users.

The people responsible for a control (both the control owner and the authorizer) are assigned by the people responsible for the risk (the risk RO or a user with higher permission). Hence, control owners and authorizers cannot change their own names. They also cannot change the other person’s ratings.

RISK CONTROL DETAIL SCREEN

The user can navigate to the control detail screen from the control register or from the control grid in the ‘Current Risk Assessment’ screen.

When the ‘risk action grid’ is activated, the standard risk action grid will be displayed, where the user can enter risk actions and link them to the control. The control risk actions entered here will be added to the ‘Risk Action’ grid in the risk assessment area.

Control Details – links to risk treatment actions:

Risk Treatment actions – links to controls:

User permission in risk control detail

Editing, deleting and adding are all based on the user's permission for the linked risk.

Permission can also be given to the control owner and control authorizer to update data except the following:

· Control owner: cannot change own name, control authorizer name, authorizer name and control title.

· Control authorizer: cannot change own name, control owner rating and control title.

RISK CONTROL SOLUTION GRID

Risk actions may be linked to a risk control either by clicking into the risk control from the Control grid or from the Risk Actions grid:

Control Grid:


Risk Action Grid:

User permission in risk control solution grid

· Users with add/edit/delete permission for the risk which the risk action is linked to

· Users with add/edit/delete permission for the control which the risk action is linked to

· Risk action owner

RISK CONTROL DOCUMENT TAB

This tab will be activated based on the configuration.

Both documents and hyperlinks can be included here for the control. The control name will be displayed just above the document upload area. Upon closing, the user will be navigated to the control detail screen.

The risk control name is displayed at the top of the document screen.


User permission in the document tab

· Users with add/edit/delete permission for the risk can upload documents and include hyperlinks for the controls.

· The control owner and authorizer can also add documents and hyperlinks.

Copyright © 2014-2015 CAMMS Online Help. All rights reserved.

Last revised: September 23, 2018