5.2.3.3 Diary
At some point in the Risk Profiling process, you will find that there are insufficient controls to fully mitigate a risk. If the risk is of sufficient importance to justify installing additional controls, recommendations for remedial action will be made. Since these recommendations may take several months to implement, it is important that development progress can be monitored and followed up if required. This is done using the Diary system.
Note: There are a number of places within the system where Diary entries can be added, for example in the Risk Screens and Control Screens. In addition, the Diary facility can be used to record Audit recommendations as well as remedial actions relating to identified events.
Click on the "Diary" tab and this will bring the Diary function to the foreground:
To enter a new diary entry, click "Add New" and the following screen will appear:
The components of the diary screen are as follows (Mandatory fields are highlighted in Gray):
Diary Subject: enter the nature of the remedial action being proposed such as "Sequential numbering of forms" or "Improving the robustness of passwords".
Risk/Control: this field is populated by the system; it is the number and description of the risk or control where the Diary entry is being made.
Diary type: there are two types of diary entries to choose from: "general", which relates to the enhancing of existing controls and procedures, and "New Control", which, as the name suggests, is a recommendation for the design and development of an additional control. Generally speaking, it is more expensive to add new controls than it is to enhance what is already there, which is the reason for the split. If you choose "New Control" you will be prompted to choose a "Control Type" from the dropdown menu.
Raised by: this field is completed by the system and shows the name of the user who was logged into the system when the Diary entry was raised.
Action by: this field indicates the party responsible for managing the remedial action. Click on the downward arrow and a list of all names in the "Responsibility" table set up earlier will appear. Simply pick a name from the list, click on it and it will be inserted.
Action Date: to set the expected date for completing the remedial action, click on the calendar icon, and the calendar will appear:
Use the arrow keys to select the month and year and then click on the relevant day of the month and the entry will be saved.
Follow-up date: to set the expected date to follow up on the remedial status, click on the calendar icon, and the calendar will appear:
Use the arrow keys to select the month and year and then click on the relevant day of the month and the entry will be saved.
Note: the system automatically sets the follow-up date to one month before the action date; the user can also adjust the follow-up date.
Raised on: this field is generated by the system; it shows the date on which the diary entry was raised.
Actioned/Closed date: once the remedial action has been implemented its status (see below) will be changed to "Actioned" or "Closed"; the date this happens will be recorded by the system here.
Status: entries are automatically set up as "Raised in Draft", but they move through different stages as the proposal for remedial action gets processed and finally implemented. By clicking on the downward arrow, you can change the status of an individual recommendation; the choices are:
Updated by: this field is system generated and not available for data entry; it shows who has adjusted the entry since it was initially set up.
Internal Audit Related: if the recommendation is made as a result of an Internal Audit review, place a tick in this box.
Action and Comments tabs: the "Action" field is mandatory; it records the detail of the remedial action to be taken. The "Comment" field is optional and allows comments to be made about the progress of the remedial action.
Completed%: using this field you can enter the percentage of completion for the diary entry.
Priority: using this field you can define the priority level (High, Medium or Low) for each diary entry.
Raised by (department): use the drop-down list to select which department (Risk Management, Internal Audit or Compliance) raised the diary entry.
Rel. Risks: if the diary entry is described as a "New Control", this new tab will open. If you click on it you will get the following screen:
You are presented with all risks in the Entity, including the one for which you are making the diary entry, and you have the ability to show whether the new control you are recommending will have any effect on other risks; if you think it will, you score it in the Predicted Score column, on a scale of 1 - 5 in just the same way as you do for the “Risk Matrix” (see later).
Use the "Save" button at the top left-hand side of the screen to save the record and return to the Risk screen.