Applies to: Risk Assessment Platform
Questions
- Can you apply an approval process to the override that is specific to the change in Control Effectiveness, not just overall to the assessment of the risk factor?
- When the Approver is approving the overall assessment of the risk factor, can they be alerted that the default Control Effectiveness has been overridden?
Background
The Control Effectiveness Rating defaults to a value depending on the values to the Design (Present; Fit for Purpose) and Performance (Implemented; Operating Effectively) fields. This is driven by what is defined in the Methodology. A user can then override the default Effectiveness rating.
Answer
Current functionality (v1.7.5) only allows the control effectiveness to be changed to a 'worse' rating (e.g.: Adequate can be lowered to Poor) but not a better rating. The audit trail includes any changes made.
In a future release of the platform, there will be an "override" concept to risk indicators and control effectiveness. This new function will be permission-based and any changes from overrides will be highlighted and included in reporting.
Comments
0 comments
Please sign in to leave a comment.