5.2.3.2 Related Controls

<< Click to Display Table of Contents >>

Navigation:  5 Entity Risk Profiling > 5.2 RISK DOCUMENTATION (Capturing Risk Data) > 5.2.3 Risk Screen Tabs >

5.2.3.2 Related Controls

This field is initially populated by the system after the controls in the system have been evaluated: it details all controls identified as impacting on the risk concerned. This means that the following fields are not available to be changed:

No.

Description

Type

Status

Score.

The column headed "Key" shows whether the system has determined the relevant control to be an important key control in mitigating the risk (more on this later in the “Risk Matrix” section). Hyperlink to section

The columns headed "Use Working" and "IA Use Working" are in the nature of “over-ride" buttons. When controls are tested, using predefined Compliance Tests, the system will capture the control’s effectiveness and apply this data across all of the risks the control mitigates. Whilst leaving the original scores in the matrix intact, the system decrements their effectiveness, removing 1 where a control is working “Mostly”, 3 where it is “Sometimes” working and negating the score entirely where a control never works. No score is allowed to fall below zero. This approach can have a drawback in that a control that is “Sometimes” working might have a portion that is still effective in mitigating a risk. To address this issue, we place a tick in the “Use Working” box. This will have the effect of over-riding the “Sometimes” score and leaving the original score in place.