RISK CONTROL GRID IN THE RISK ASSESSMENT
The control grid is visible in the risk assessment only when it is activated in the Risk field configuration area.
Column visibility in the control grid is based on the control field configuration, while column order follows the configuration set for the control detail area.
When the added columns exceed the standard screen width, a scroll bar is displayed below the grid.
The Edit and Delete controls are displayed next to the added controls.
Adding a new control to a risk
A new control can be added against a risk by entering the details in the grid and clicking ‘+’. When fields are marked as required in the configuration, those validations are checked.
Linking an existing control to a risk
By clicking the ‘Select Existing Control Template’ button, the user can select an existing control and link it to the risk.
Clicking the button opens a pop-up listing all the existing controls for the organization (refer figure 20). Once an existing control is linked to the risk, its data is maintained uniquely for that risk.
A search area is provided in the existing control screen for the user to filter the controls (refer figure 21). Fields configured for the search area in the settings screen are displayed here.
User Permissions for adding/linking control to a risk
Edit, delete and add are based on the user's permission on the linked risk.
E.g. if the logged-in user does not have permission to edit the risk, the control grid edit/delete and add icons will be disabled.
Permission is granted to the control owner and control authorizer to update data, except the following:
Control owner: cannot change own name, control authorizer name, rating and control title.
Control authorizer: cannot change own name, control owner rating and title.
Security logic implemented on risk controls: Controls are checked or newly identified during the risk assessment process. When a risk is assessed, you check whether any existing controls are in place to minimize the risk of it happening, so risk controls are treated as global templates. Hence, the title can be edited if you have permission to add/edit a risk. Control owners and authorizers are the people who manage the existing control, so they are not given permission to edit the title.
The responsible people for a control (both the control owner and the authorizer) are assigned by the people responsible for the risk (the risk RO or a user with higher permission). Hence, control owners and authorizers cannot change their own names. They also cannot change the other person’s ratings.
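The field-level rules above, written as a server-side check so that they hold even when a request bypasses the disabled icons. This is an added example, not CAMMS code: the field names, role names, the Control class and both functions are assumptions, and the denied lists follow the control grid lists above.

```python
from dataclasses import dataclass

# Hypothetical field names for a control record (not CAMMS identifiers).
FIELDS = frozenset({"title", "owner_name", "authorizer_name",
                    "owner_rating", "authorizer_rating", "description"})

# Fields each control role may NOT change, per the lists above.
DENIED = {
    "owner": {"owner_name", "authorizer_name", "authorizer_rating", "title"},
    "authorizer": {"authorizer_name", "owner_rating", "title"},
}
OWN_NAME = {"owner": "owner_name", "authorizer": "authorizer_name"}


@dataclass
class Control:
    owner: str
    authorizer: str
    risk_editors: frozenset  # users with add/edit permission on the linked risk


def editable_fields(user, control):
    """Return the set of fields `user` may change on `control`."""
    if user in control.risk_editors:
        return set(FIELDS)  # risk permission covers every field, title included
    roles = [r for r in ("owner", "authorizer") if getattr(control, r) == user]
    allowed = set()
    for role in roles:
        allowed |= FIELDS - DENIED[role]
    # Assumption: a user holding both roles still cannot change either own-name field.
    allowed -= {OWN_NAME[r] for r in roles}
    return allowed


def apply_update(user, control, record, changes):
    """Apply `changes` to `record`, rejecting the whole request if any field
    that actually changes is outside the caller's editable set."""
    changed = {f for f, v in changes.items() if record.get(f) != v}
    blocked = changed - editable_fields(user, control)
    if blocked:
        raise PermissionError(f"{user} may not change: {sorted(blocked)}")
    return {**record, **{f: changes[f] for f in changed}}
```

Running the same check on every save keeps the grid, the detail screen and any direct request consistent with one rule set.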
RISK CONTROL DETAIL SCREEN
The user can navigate to the control detail screen from the control register or from the control grid in the risk assessment screen. The field configuration in control details, such as field type, label name and ordering, is based on the configuration in the control field configuration area.
When the ‘solution grid’ is activated, the standard risk solution grid is displayed, where the user can enter solutions for the control. The control solutions entered here are added to the ‘Risk Solution’ grid in the risk assessment area.
User permission in risk control detail
Edit, delete and add are based on risk user permission.
Permission can also be given to the control owner and control authorizer to update data, except the following:
Control owner: cannot change own name, control authorizer name, authorizer name and control title.
Control authorizer: cannot change own name, control owner rating and control title.
RISK CONTROL SOLUTION GRID
By clicking the solution title, the user is taken to the solution detail screen (the existing risk solution detail screen is displayed here). Control solutions can also be linked to the organization hierarchy, similar to risk solutions. Refer figure 23.
User permission in risk control solution grid
Users with add/edit/delete permission for the risk which the solution is linked to
Users with add/edit/delete permission for the control which the solution is linked to
Solution owner
RISK CONTROL DOCUMENT TAB
This tab will be activated based on the configuration.
Both documents and hyperlinks can be included here for the control. The control name is displayed just above the document upload area. Upon closing, the user is navigated to the control detail screen.
Risk control name is displayed at the top of the document screen.
User permission in the document tab
Users with add/edit/delete permission for the risk can upload documents and include hyperlinks for the controls.
The control owner and authorizer can also add documents and hyperlinks.
Risk controls can be linked with audits using this area. This tab is activated based on the configuration. The visibility of the tab also depends on Audit Module activation.
The risk control title is displayed on the top of the screen:
Managing already linked audits:
The first part of the screen displays already linked audits with the ‘delete’ button next to each.
The audit title and primary responsible officer are displayed in the grid.
The audit title is hyperlinked and takes the user to the Audit detail screen in the audit module.
Linking new Audits
The second part of the screen allows the user to link audits to risk controls.
Using ‘Add Audit’, a new audit can be linked to the control.
A pop-up is displayed listing all audits (active only by default), with a check-box next to each.
Multiple audits can be linked to the control.
Once the audit(s) are selected, click the save button to add the audits to the grid.
Closing the screen navigates the user to the ‘control detail’ screen.
Search audits
A search is included in the audit linking screen so the user can filter for the necessary audits.
User permission
Users with add/edit/delete permission for the risk can link and delete audits.
The control owner and authorizer can also add and delete linked audits.
Copyright © 2014-2015 CAMMS Online Help. All rights reserved.
Last revised: December 01, 2015