The Corporate Governance module itself is accessed via the toolbar at the top of the Dashboard screen by clicking on the 
tab; this brings up the following screen:
The top of the screen shows details regarding the Entity selected as representing Corporate Risks. Each of the individual Corporate Risks is then shown, along with the attribute under threat, the likely impact on the organization should the threat occur and the likelihood of the threat occurring in the absence of controls. The Target, Working and Actual Risk Scores are also shown for each risk. To the right of these scores is a column to record whether or not the current control environment surrounding each individual risk can be considered satisfactory or not. Having considered all of the risk attributes and compared the Actual control environment with the Target environment a decision is made as to whether or not the current situation for that risk is acceptable; click on "Edit" button in the left-hand corner of the toolbar at the top of the screen and then place a tick in the box under “Satisfactory”, or indeed remove a tick from there if your opinion has since changed.
Click on the “arrow” next to the risk number and the following will appear:
This will show the entities linked with each corporate risk and the risks within the entities that have been linked to that corporate risk as well as the control environment of each linked risk.
For the Board to appreciate the full implications of the conclusions about individual risks it is necessary for them to understand whether the control environment giving rise to the risk scores has been tested or not. It is quite possible, especially when the system is relatively new, that the risk scores will have been derived from the workshops used to set up the data initially and no testing of the controls considered to be in place has been conducted. Obviously, this would have a bearing on how much reliance could be placed on a judgement of “Satisfactory” against a particular risk. To cater for this the system has a “Tested” column on the far right of the screen in which a tick can be placed to indicate that the control environment has been tested. Again, click on "Edit" button and place a tick in the box for whichever risk has been Tested.
Upon testing the controls (within entities) that have been linked to a Corporate risk the system will reflect the result of the control environment for the Corporate risk in accordance with the following:
•Give the risk a Green colour to indicate that the risk environment is an A,
•Give the risk a Yellow colour if the environment dropped from an A to B
•Give the risk a Red colour if the environment changed to C or D
The aforementioned is shown in the “Control Env. Indicator” column.
If there are many Corporate Risks each with differing standards of control, some of which have been tested and some of which haven’t, it can present a confusing picture as to the overall standard of control being exercised over Corporate Risks. To help clarify this picture the system provides a means for whoever is reporting to the Board (Risk Manager, Head of Internal Audit, and Head of Compliance etc.) to give their view of the overall control environment surrounding these risks. This is done by giving an overall rating using the box in the top right corner of the form:
Note that when selecting a Risk in the module you will be directed to the Risk in the related Entity (Entity Listing Screen). The “back” button will allow you to return to the Corporate Governance Module.