This help article is split into six sections:
- Introduction to risks and controls
- User permissions
- Risks register
- Add a risk
- Add a control
- Attach risk or control to a process step
1. Introduction to risks and controls |
Risk and controls are two item types that allow you to record risk management information within your Connect Web App.
Risks and controls allow you to:
- conduct risk assessments by creating risks within the Web App
- create and assign controls to record how each risk will be managed
- attach controls to a process step.
2. User Permissions |
All system administrators can add, edit and attach risks and controls. In addition, two user permissions have been added. These permissions are:
Permission level |
Description |
Risk Viewer | View Risks |
Risk Editing | Add, Edit and View Risks |
Administrators can assign one or both of these permissions to any user in the system by following the instructions below:
2.1 Go to People>Users and click on the relevant user to open the details for that user.
*Image is for illustrative purposes only. Menu bar options vary based on your permissions or organisation's subscription .
2.2 Scroll down to User permissions and click Change.
2.3 Select all applicable permissions and click OK.
2.4 Click Save.
3. Risks Register |
The list of risks (Governance>Risks) in your Web App is your organisational risks register. You can filter or sort content using the ribbon above the content list. For example, you can sort risks from High to Low to identify areas with greater levels of risk.
Use the arrows above each column to sort the content in the category.
Refer to the following table for guidelines about available content filters:
Field |
Description |
Risk name |
The title of the risk. |
Inherent rating | The rating of the risk without controls in place. |
Rating with Control | The rating of the risk with controls in place. |
Next review | Date of next risk review. |
Status (if RM is enabled) | The publication status of the risk (i.e. Draft, Awaiting Approval, Ready to Publish or Published). |
4. Add a Risk |
4.1 Access the Governance tab and click on the Risks subtab.
*Image is for illustrative purposes only. Menu bar options vary based on your permissions or organisation's subscription .
4.2 Click Add New Risk.
4. 3 Complete all relevant fields.
The risk assessments can be undertaken without controls (first 3 drop down fields) and with controls (last 3 drop down fields). Most organisations will undertake risk assessments with controls.
Field |
Description |
Risk name (mandatory) |
The name of the risk. |
Description (optional) |
A detailed description of what the risk involves. |
External reference identifier (optional) |
If required, a code or reference for this risk (if the risk is also recorded in a different risk system). |
External source link (optional) | The source internet URL if linked from an external system |
Required resolution date (optional) |
The date by which the risk must be managed/resolved. |
Actual resolution date (optional) |
The date when the risk was managed/resolved. |
Related Processes (optional) | Processes relevant to the risk |
Controls to mitigate this risk (optional) |
Any controls that must be used to mitigate the risk. Click Select to attach all applicable controls. You can choose from any controls that have been entered into your Connect Web App. |
Related Improvements (optional) |
Improvements that are related to the risk |
Related Stakeholders |
Any positions that are stakeholders to this risk |
Inherent risk likelihood (optional) |
The likelihood of the risk if there are no controls in place (rare to almost certain). |
Inherent risk consequences (optional) |
The consequences of the risk if there are no controls in place (insignificant to extreme). |
Inherent risk rating (optional) |
The inherent rating of the risk if there are no controls in place (low-high). |
Likelihood with Control (optional) |
The likelihood of the risk if there are controls in place (rare to almost certain). |
Consequences with Control (optional) |
The consequences of the risk if there are controls in place (insignificant to extreme). |
Risk rating with Control (optional) |
The inherent rating of the risk if there are controls in place (low-high). |
Keywords for 'Search' (optional) |
Keywords that users can search for the risk to appear as a search result. |
Remove from view |
If ticked, this item will only be visible to system Administrators in the hidden items subtab (under the Admin tab). |
4.4 Click Save.
5. Add a Control |
5.1 Access the Governance tab and click on the Controls subtab.
5.2 Click Add New Control
5.3 Complete all relevant fields.
Field |
Description |
Control name (mandatory) |
The name of the control. |
Description (optional) |
A detailed description of the control. |
External reference identifier | An identification code/number for the item. This can be used if the item is being migrated from a different system or if a system of identifiers is required. This field is optional. |
External source link | The source internet URL if linked from an external system |
Type (optional) |
How the control will be implemented:
|
Nature (optional) |
The nature of the control:
|
Priority (optional) |
The implementation priority of the control (primary, secondary or tertiary). |
Frequency (optional) |
How often the control will be implemented. |
Mitigates these risks (optional) |
Risks related to this control. Click Add to attach all applicable risks. |
Related Stakeholders (optional) |
Positions that are stakeholders to this item |
Keywords for ‘Search’ (optional) |
Keywords that users can search for the risk to appear as a search result. |
Remove from view (optional) |
If ticked, this item will only be visible to system Administrators in the hidden items subtab (under the Admin tab). |
5.4 Click Save.
6. Attach a risk or control to a process step |
6.1 Access the Operations tab and click on and click on the Processes subtab. Click on the relevant process to open it.
6.2 Access the All Steps subtab.
6.3 Click the editing option that relates to the process section/step you want to edit. This could be Edit Details (for process start points) or Edit Step (for any process step).
6.4 Scroll to the section titled Related Risks / Related Controls and click Add.
6.5 Select all applicable risks/controls and click Select.
6.6 Click Save.