Platform: Risk Assessment Platform
Applies to: Super Admin and Company Admin Users
The purpose of this feature is to maintain a master library of controls for each Domain and Control Category (i.e., control sets).
Controls can only be added to Assessment Units that are of the same Domain.
Table of contents
- View the Controls Library
- Create Controls
- Update a single control
- Bulk Updating Controls
- Archive or Delete a Control
View the Controls Library
To view the control library:
- Open the App Setup menu
- Select Controls > Control Library
There are two tabs on the Control Library page - Global and Company.
- Global - list of out-of-the-box/purchased controls. The Super Admin can manage (add/edit/archive/delete) controls in the Global tab and has view-only access to controls in the Company tab.
- Company - list of controls created by the company. The Company Admin can manage (add/edit/archive/delete) controls in the Company tab and has view-only access to controls in the Global tab.
The main components on the header of this page are:
- Search field – enter search text.
- New Control button - create a new control.
- Bulk Update – update multiple controls at one time.
- Download Control Import File Format - downloads a blank starting template to create an XLSX import file.
- Export Controls - downloads an XLSX file with all controls from your control library.
- Import Controls - import controls from an XLSX file.
Note: When importing from a file, the application runs validation to ensure the file/data format is correct and virus-free. The import is case-sensitive.
The main components of the default table are:
- Name – unique name of the control
- Description - the control description; optional
- Domain - domain related to the control
- Category - unique name for the control category (i.e. group of controls)
- Type - the type of control: Preventative, Detective, Corrective, etc.*
- Status – status of the control: In Progress, Published, or Archived. Select "Archived" in the column's filter settings to see archived controls.
- Actions column - depending on the status of the control and its dependencies, these functions are available:
  - Edit - edit the details of the control
  - Publish Control - publishes the control (only available once the mandatory fields for the control are complete)
  - Unpublished Unused Control - unpublishes the control (only available if the control hasn't been used)
  - Action Menu:
    - Copy Control - copy the control to create a new control
    - Delete Control - remove the control from the control library (only available for controls that have not been used in assessments)
    - Archive Control - archive a control from the control library (only available for controls that have been used)
    - Audit Trail - view history of actions and changes to the control
    - Export Control - export the control into an XLSX
    - Export Rationale CSV - for control questions that contain a rationale, export rationale into an XLSX
    - Restore Old Version - appears only if a previously published and used control has a 'New Version' created.
Use the search and filter options on the table header to filter your results.
*Control Types can be configured in Application Customisation - Dropdown Configuration Management
The default table columns can be configured in Company Settings under Column Configuration > Control Library > Configure. This allows you to display additional information in the table for users to view. Please note that this is a company-wide setting, meaning the changes will be visible to all users.
The screenshot below is based on the default control detail fields.
Create Control
You can create a single control, or create multiple controls at once.
Create a single control
Use this method to create one control at a time.
- Press the New Control button.
- Complete the details. Fields with an asterisk are required.
Note: If you need to capture more details for the control, you can customise the control details form (i.e. Control ID, Control Owner, etc.). See Content Customisation - Screen Forms to learn more.
Control Assessment Methods
Choose your preferred control assessment method by configuring the Control Metrics tab, or the Control Questions tab, or both. At least one method must be completed.
Control assessment method 1 - Control Metrics
- Test - a description of tests to be conducted to evaluate the performance of the control.
- Suggested Evidence - a description of the evidence needed to support the evaluation.
Note: When using Control Metrics, effectiveness is calculated based on the selected methodology metrics, such as Design and Performance.
Control assessment method 2 - Control Questions
The main components in this tab:
- Control Test Questions - a specific question used to assess the effectiveness of a control
- Control Test Description - additional details or context to define the test question. Optional.
- Distribute Weights - allocate weights to each control test question
- Rationale - provides a field to add context or justification for the question. Optional.
- Answer Set - a predefined set of response options for the control test question.
- Add Question – Click the blue add question button or the (+) icon at the bottom of the table to add more questions.
- Copy From - Copy questions and their answer sets from existing controls to the current control.
- Edit Question - opens the selected question for editing
- Copy Question - duplicate the selected question
- Delete Question - delete the selected control test question
- Reorder - drag tool to rearrange questions into your preferred sequence
Note: When adding questions to the control, be sure to distribute the weights among them. Newly added questions will not have a weight assigned by default. Use the Distribute Weights button to open a pop-up where you can adjust the question weights accordingly.
Create multiple controls from import
Use this method to import multiple controls into the control library from a file.
- Use the "Download Control Import File Format" button to download a blank XLSX import file.
- Follow the instructions below to configure the XLSX import file. Save the file.
- Press the Import Control button.
- In the popup, press Choose File and select the file created in Step 2.
- Press Import.
Configuring the Control Import File
The control import file includes predefined columns based on your default control details form. Each row represents a single control - complete one row per control. However, if using questions, a single control may require multiple rows.
Note: Do not change the column headers. Do not add or remove columns. The file is case-sensitive.
Complete the details - one row per control.
- ControlName - the unique name of the control. Required.
- ControlDescription - the control description. Optional.
- ControlCategory - the category of the control. Required.
- ControlType - the type of control: Preventative, Detective, Corrective, etc.
- Domain - the domain of the control's category. Required.
The next columns are the control assessment methods.
Choose your preferred control assessment method by configuring the control metrics, control questions, or both. At least one method must be completed.
Control Metrics
Use control metrics to assess effectiveness based on your selected methodology metrics, such as Design and Performance. Only one row is needed per control when using control metrics.
- Test - a description of tests to be conducted to evaluate the performance of the control.
- SuggestedEvidence - a description of the evidence needed to support the evaluation.
- Control tests should all be written in a single cell under the "Test" column.
- Suggested evidence should also be written in a single cell under the "Suggested Evidence" column.
Control Questions
Use control questions if you want to ask specific questions to assess the effectiveness of a control.
- ControlTestQuestion - a specific question used to assess the effectiveness of a control
- ControlTestQuestionDescription - additional details or context to define the test question
- AnswerSet - a predefined set of response options for the control test question (must already be configured on the platform).
- All mandatory fields defined by your control details form must be repeated for each row of the question.
- Each row represents one question and its corresponding control test question and answer set.
Save the file and import.
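A pre-import check for the rules above, as an added example (not the platform's own validation): it lints rows read from the import sheet for changed headers, empty required fields, controls with no assessment method, and names that differ only by case. The column list is assumed from the names on this page and the sample rows are constructed; your downloaded template is authoritative.

```python
from collections import defaultdict

REQUIRED = ("ControlName", "ControlCategory", "Domain")
# Assumed column set, taken from the names listed on this page.
COLUMNS = REQUIRED + ("ControlDescription", "ControlType", "Test", "SuggestedEvidence",
                      "ControlTestQuestion", "ControlTestQuestionDescription", "AnswerSet")


def lint_rows(header, rows):
    """Return problems found in `rows` (lists of cell values) laid out under `header`."""
    if sorted(header) != sorted(COLUMNS):  # exact, case-sensitive comparison
        return [f"header differs from template: {sorted(set(header) ^ set(COLUMNS))}"]
    problems, groups = [], defaultdict(list)
    for n, cells in enumerate(rows, start=2):  # sheet row 1 is the header
        padded = list(cells) + [None] * len(header)  # tolerate short rows
        row = {h: "" if c is None else str(c).strip() for h, c in zip(header, padded)}
        missing = [f for f in REQUIRED if not row[f]]
        if missing:
            problems.append(f"row {n}: missing {', '.join(missing)}")
        else:
            groups[row["ControlName"]].append((n, row))
    for name, members in groups.items():
        first_n, first = members[0]
        has_method = False
        for n, row in members:
            has_method |= bool(row["Test"] or row["ControlTestQuestion"])
            if (row["Domain"], row["ControlCategory"]) != (first["Domain"], first["ControlCategory"]):
                problems.append(f"row {n}: Domain/ControlCategory differ from first row of '{name}'")
            if n != first_n and not row["ControlTestQuestion"]:
                problems.append(f"row {n}: extra row for '{name}' has no ControlTestQuestion")
        if not has_method:  # at least one assessment method must be completed
            problems.append(f"'{name}': no Test and no ControlTestQuestion")
    by_fold = defaultdict(set)
    for name in groups:
        by_fold[name.casefold()].add(name)
    for variants in by_fold.values():
        if len(variants) > 1:  # import is case-sensitive: confirm these are meant to differ
            problems.append(f"names differ only by case: {sorted(variants)}")
    return problems


# Constructed sample rows, not taken from a real control library.
SAMPLE = [
    ["Access Review", "Identity", "Cyber", "", "Detective", "Sample 10 accounts", "Review log", "", "", ""],
    ["MFA Enforced", "Identity", "Cyber", "", "Preventative", "", "", "Is MFA required?", "", "Yes/No"],
    ["MFA Enforced", "identity", "Cyber", "", "Preventative", "", "", "Are exceptions logged?", "", "Yes/No"],
    ["Backup Test", "Resilience", "Cyber", "", "Corrective", "", "", "", "", ""],
    ["access review", "Identity", "Cyber", "", "Detective", "Spot check", "", "", "", ""],
    ["", "Identity", "Cyber", "", "Detective", "Spot check", "", "", "", ""],
]
```

Calling lint_rows(list(COLUMNS), SAMPLE) reports four problems: the unnamed row 7, the category case mismatch on row 4, the method-less "Backup Test", and the "Access Review" / "access review" pair.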
Update a single control
When updating controls, the available actions depend on the control’s status—whether it is in progress, published but unused, or published and in use.
Updating in-progress controls
Controls that are in-progress can be edited directly.
- Press the Edit button beside the control.
- Click on the field to make edits, then click outside it to automatically save your changes.
Updating unused published controls
Controls that are published but have not been used in any risk assessment units must be unpublished before making edits.
- Press the View Control button beside the control.
- Click the Unpublish button to revert the control into an editable state.
- Once unpublished, make the changes and re-publish it when ready.
Updating used published controls
If a control is published and has been used in a risk assessment unit, direct edits are not possible; instead, you must create a new version.
- Press the View Control button beside the control.
- Click the New Version button to create an editable version of the published control.
- Modify the control and publish it when ready.
Once saved, the new version will be applied and the changes will be reflected across the platform.
Any assessments using the previous version of the control will remain unaffected by the changes.
Bulk Updating Controls
The Bulk Update feature on the Controls Library page allows you to update multiple controls simultaneously.
- Press the Bulk Update button.
- Use the drop-down menu and select a field to update.
- Choose from the following options:
  - Category - Change the Category of the selected controls. Note: To update the category, you must first select a domain that matches the control.
  - Status - Archive, delete, or publish multiple controls at once. Note: Only controls that don't have any dependencies can be deleted.
  - Type - Change the type of control for selected controls.
  - Question - Copy questions from an existing control. Note: To use this, select the same Domain and Category of the control you want to copy the questions from.
- With the field and new values defined, select the controls to update using the checkboxes beside the control in the table.
- Press the Update button to update selected controls.
Note: If the checkbox is disabled, the action is unavailable based on the control's status.
Archive or Delete a Control
The Delete button is available for controls that have not been used in assessments. Delete a control to remove it from the control library permanently.
The Archive button is available for controls that have been used in one or more assessments. Archive a control to hide it from the control library and prevent it from being used in future assessments.