Capture Risk and Controls
Risk and Control objects are added via the Navigation menu. It is possible that you do not immediately see Risk and Control objects in the Navigation menu (this depends on the settings in your system), you can make them visible via the button at the bottom left .
Risk and Control objects can apply to many aspects of a Process: e.g. financial, commercial, technical, quality.
Comm’ant’s emphasis is on clear definitions of Risk and Control measures and their relationship to process, information, and people. Other tools are used to capture operational data and compile it into information, for example, numerical reports and graphical displays of information. This type of reporting can be linked within Comm’ant with shortcuts in the document section.
Once a Risk and Control object is determined it can be linked to that Process chain, Process, and to those Information flows to which the Risk is related and the Controls are in place.
To create Risk and Control objects, make sure you are in Develop Mode via the switch in the Application bar (right behind your Username).
Create a new Risk and Control from the Navigation menu:
Select Risk and Control in the Navigation menu, right-click and select “Add Risk and Control” or click “Add” in the top right corner of the Main screen.
Create the object with at least the name by entering it in the “Risk and Control name” field. The name can be changed later on.
Risk and Control objects are used to identify risk and describe the control measures implemented to manage the risk to an acceptable level. Make sure the type of risk and the subject of the Risk and Control objects are made clear in the name.
- Financial consolidation, general ledger account definition
- Performance reporting, date/time order definition
- The credibility of the customer, financial position
- The reliability of the employee, credit control
Add more information and save when you are done using the Save button at the top left:
- Fill in the Description Describe the content. If you want to go into details, decide whether these details should be clarified here or at a lower level. Extended descriptions can also be added as a document. You can refer to the document in the Description.
- Add Remarks. Write specific comments here, especially during development and changes to the system. When you use special characters, such as @@ in combination with your initials and followed by a comment, you can easily find your comments with the search function, follow up and complete the work.
- The Sort index allows you to influence the order in which Comm’ant sorts the objects. If nothing is entered here, the objects are sorted in alphanumeric order. Using the Sort index changes the order. The order will then be sorted according to the Sort Index, again in alphanumeric order. The objects that have no value in the Sort Index field will be sorted in alphanumeric order, at the end of the total list.
- With Valid until you indicate when the content of the object must be reviewed. Comm’ant automatically assigns the current date plus one year to this field. This date can be changed if the period of validity ends on another date. Passing the date will not change the display. An overview of the objects whose date is about to expire or have expired can easily be created via a report.
- The Validated checkbox ensures that the newly created object is validated. If this box is not checked, the object will keep the encoding “Not validated” in the system. The advantage of this is that you can make an extra check on your recent additions in Comm’ant. You can generate an overview based on the status “Not validated” to show all changes and then go through them again, reviewing them for consistency and correctness before validating them. Validate the object by ticking the checkbox.
- The Revision field automatically shows the save date and time.
After saving, you also have the option to complete the Risk and Control with connections to other objects: Groups, Roles, and Documents/Links
These can be existing or new objects. Existing objects are displayed in the connect boxes. You can create new objects right here via the plus sign at the top edge of the connect box. It is possible to disconnect existing links using the red unlink icon.
- When you connect the Risk and Control object to Documents, you add links to files or shortcuts. Select an existing document or create an object for a new one.
- Choose which Group (or Groups) this Risk and Control object belongs to. Usually, the Groups are named by the type of objects and a connection to one Group is required. When you link the new Risk and Control object to a Group, it will appear in the Navigation menu in the folder of this Group, otherwise, you will find the Risk and Control object in the folder “Not classified”.
Note: The changes in the text and date fields are saved via the Save button, other changes such as creating or deleting links are immediately updated; it is not necessary to save them explicitly.
To change a Risk and Control object:
To be able to modify a Risk and Control object, make sure you are working in Develop Mode via the switch in the Application Bar.
When you select a Risk and Control object in the Navigation menu with the left mouse button, you immediately have the possibility to change it.
You can save the changes via the “Save” button.
To delete a Risk and Control object:
When you delete a Risk and Control object, all links it has had to Process chains, Processes and Information flows, as well as links to Roles, Organizations, and Documents/Links will be deleted. The other sub-objects, such as Roles, Organization, and Documents/Links, remain in the system.
A Risk and Control object can be deleted by clicking on “Delete”. You will first receive a confirmation request before the Risk and Control object disappears. Deleting is irreversible.
Inform the Users:
When you make significant changes, you may notify affected Users. You can do this efficiently via e-mail via the Mail button in the top right corner of “Share”.
When changing one Risk and Control object, you can decide whether to inform selected Users related to the entire Process chain, Process, and, or the Users associated with the Input and Output of the Risk and Control object.