Platform: Risk Assessment Platform
Applies to: End User Roles (e.g. Standard, Approver)
The Control Assessment page provides a view of the controls in the assessment unit, and this is also where the controls are added and an assessment of each control is conducted, with comments and supporting evidence.
The Controls Assessment page consists of 2 tabs:
- Controls Summary - Dashboard summarising the controls linked to the assessment unit.
- Controls Questionnaire - Details page for each control where data is captured.
This is a dashboard summarizing the control categories and controls added to the assessment unit. It is designed to monitor the progress of controls across the assessment unit.
Controls Summary columns:
- Controls - Unique name of the control
- Key - Optional, to identify a control as being key in mitigating risks. Appears in the report and does not affect the rating calculations.
- Weight - The relative importance of the control and control category. Used to calculate the controls effectiveness rating for the assessment unit. Adjust the weight of controls and categories by selecting the hyperlink (weight in blue text).
- Status - The status of the control will be Not Assessed, Completed, Awaiting Approval or Approved.
- Assignee - The team member allocated to analyse the assess the effectiveness of the control and submit their assessment.
- Approver - The team member allocated to review and approve the analysis.
- Control Effectiveness - Calculated from the answers to the control metrics based on the linked methodology.
- Actions column:
- Use the Delete button () to delete the control from the assessment unit.
- Use the Link button () to link the control to risk factors.
Use the Add Controls button to add controls from the control library.
The pop-up window lists Controls matching the Domain of the Risk Model that was selected at Assessment Unit creation.
Control Weightings apply to the control categories and controls. The weighting is used to assess the relative importance of the Control with respect to managing the risk and is used in the calculation of the Overall Control Effectiveness.
Weightings are equally distributed when controls are added to the assessment unit the first time. Subsequently added controls are added with a "0" weighting.
Controls and categories can have a 0 weighting if you want to exclude them from the control effectiveness rating calculations.
Weightings within each tier must add up to 100%. If a tier does not add up to 100% the weight value will appear in red with an exclamation point to alert you that action is needed.
Adjust the weightings of controls and control categories by selecting the first weighting value in each tier - look for the hyperlink.
Assess a Control
Select a control name to begin an assessment of the effectiveness of that control and capture detailed data. This is done on the Controls Questionnaire page.
This is a detailed view of the control with control metrics to assess its effectiveness.
Every control in the assessment unit has a questionnaire page for assessing the effectiveness.
- Control Category (upper left) - Name of the category of control.
- Status (lower left) - The status of the control will be Not Assessed, Completed, Awaiting Approval or Approved.
- Collapse/Expand all - Show or hide the sections Control Test Results and Actions.
- Control Name - Name of the control added to the assessment from the control library.
- Type - The type of control: Preventative, Detective, Corrective, Unspecified, Unknown.
- Weight - The relative importance of the control and control category. Used to calculate the overall controls effectiveness rating for the assessment unit. Adjust the weight of controls and categories by selecting the hyperlink (weight in blue text).
- Assignee - The user allocated to complete details for the control.
- Approver - The user allocated to approve the control after it is submitted by the assignee.
Complete the details:
- Control Metrics - The questions relating to the effectiveness of the control.
- Control Effectiveness Rating - This is derived from the answers to the metric questions, based on the methodology selected at assessment creation.
- Key checkbox - Optional, to identify a control as being key in mitigating risks. Appears in the report and does not affect the rating calculations.
- Link - Use the Link button () to link the control to risk factors.
- Comments - For providing additional context behind the control and metric answers.
- Control Test Results - Information to conduct testing of the control and suggested evidence (optional), with space to add comments about the testing results and evidence.
- Stakeholders Consulted - Details of people consulted to assess the control.
- Attachments - Use to attach supporting documentation.
- Use the New button () to create a new action. Complete the details.
- Use the Link button () to link to an existing action.
- Use the Edit button () to edit a linked action.
- Use the Unlink button () to unlink an action.
- Submit – Submit the control data with or without comments.
- Approve/Reject - Approve/reject the control with or without comments by the approver allocated on the risk. Note: The control questionnaire pages can also be reopened.