Risk and Control
The Risk and Control object is used to identify known risks with the associated Control measures, also naming those responsible and the possible scenarios to manage the risks.
An optimal definition of this type of object establishes:
- Unambiguous name and characterization
- What the risks are
- When the risks may occur
- What the potential consequences are
- Why something is identified as a risk
- Which control measures are in place
- Where (in the Processes) these are implemented
- Who (from the Processes) is responsible and who is involved
- Which scenarios are described in case the identified Risk manifests itself.
- Which instructions and checklists have been made, supplemented, or adapted
- Where (in the process) is reported to whom, when, etc.
The Risk and Control can be of an abstract nature or can be very specific and detailed. Therefore, they are associated with:
- Process chain or Process that is known as the source or cause of the Risk and possibly the Process that specifically manages this Risk;
- Input and output where the Control measures are specifically implemented;
- Input and output where is measured and/or reported on the actuality with regard to this Risk;
- Those responsible, the process manager and/or process owner – ‘via the process link’;
- Administrators with direct roles in the Risks and Control object;
- Documents/links around the process, which include further details and instructions, etc.
Folder structure/groups
The folder structure is built around the types of Risks and Controls created within the organization. The Risk and Control object comes in various types and can be grouped accordingly. It is possible that a Risk belongs in two groups and is shown as such in both.
Example of Risk types:
- Health risks
- Environmental risks
- Commercial risks
- Technical risks
- Financial risks
- Political risks
When you click on a folder or group Risk and Control, the tree structure opens, and at the same time, Comm’ant shows the contents of the folder in question on the Main screen. You select the contents of the folder by either clicking the desired Risk and Control in the tree structure or in the Main screen.
Selected Risk and Control
After selection, the Main screen shows more detailed information about the Risk and Control.
Note:
These fields are only shown when they contain information.
Name
The name of the Risk and Control.
Definition
If a description is included with Risk and Control, this will be displayed.
Remarks
If remarks are included with the Risk and Control, these will be displayed.
Boxes
At the bottom are the boxes that show which attributes are linked to the Risk and Control. These boxes show the attribute title in the top bar with the specific attributes below. These blue boxes represent the attributes that are directly associated with Risk and Control.
By clicking once on the top bar, all boxes are minimized or maximized. Clicking the same spot again has the opposite effect.
Connections of a selected Risk and Control
Just above the Navigation menu is the button that opens the Links-tab. This button shows the Links menu instead of the Navigation menu; an overview of the direct and indirect links of a selected Risk and Control with other objects:
| Verbinding met | Verbinding hoe |
| Process chains | directly |
| Processes | directly |
| Roles and positions | direct on the Risk and Control |
| Documents | directly |
Note: The Links button 
has two options: Linked objects and Dynamic links.
- With ‘Dynamic links menu
enabled, the links menu will alter every time a different element is displayed on the Main screen. - With ‘Linked objects menu’
enabled, the links menu will remain the same regardless of what is displayed on the Main screen.
The default setting of this button is the ‘Linked objects menu’, but hovering over the button enables you to select ‘Dynamic links menu’ as well. With ‘Dynamic links menu’ enabled, the icon gets an asterisk for recognition: .