Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Português (Portugal) Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

How to Create and Map Risk Controls

Updated:

Created:

Creating and Mapping Controls to the Risks in Your Risk Register

In your KCM GRC platform, you can use controls to document the preventative measures that your organization uses to defend against the risks it faces. 

You can either create new controls for your risks, or if your organization has already added relevant controls to your platform, you can map these controls to the risks in your Risk Register.

See the sections below to learn how to create and map risk controls.

Jump to:

Create a New Control

Map an Existing Control

 

Creating Controls for Risks

You can create controls for your risks, which will automatically map the control to the risk.

To create a control for a risk, follow the steps below:

  1. From your navigation panel, navigate to Risk Management > Risk Register.
  2. From your Risk Register, select a risk to open the View Risk page.
  3. In the Control Treatment section of the page, click the Create Controls button to open the Create Control page. Create Controls button
  4. Fill out the fields on the Create Control page. For more information, see the screenshot and list below:
    Note: We recommend that you avoid including the < and > special characters in these fields.
    Create Control window
    1. Name: Add a name that represents the purpose or scope of the control.
    2. Control Description: Provide a detailed description of the control. We recommend that you include the following information in a control description: what the control is, how to review and assess the control, and what type of evidence is expected to satisfy the control. See our Glossary of Compliance Terms to learn more about control descriptions.
    3. Tags (optional): You can add one or more tags to group similar controls in your platform.
      • To create a new tag: Type one or more words in the field, then press enter on your keyboard to save the tag. Tags have a maximum of 25 characters, including spaces.
      • To select an existing tag: Click the drop-down menu to see existing tags. Click on a tag to add it to the control.
    4. Add Another: Select this check box to add another risk after you finish creating this risk.
  5. Create: Click this button to save and map this control to the risk.
Tip: To ensure that the necessary evidence is submitted for the controls, we recommend that you create tasks for the control. For more information, see our How to Work with Tasks for Controls.

Back to top

 

Map Existing Controls

You may want to map a control to a risk if you've imported controls in bulk, or if your account already has controls in place for your compliance efforts that also assist in monitoring or preventing your organization's risks. 

To map one or more controls to a risk, follow the steps below:

  1. From your navigation panel, navigate to Risk Management > Risk Register.
  2. From your Risk Register, select a risk to open the View Risk page.
  3. In the Control Treatment section of the page, click the Map Existing Controls button to open the Map Controls to Risks pop-up window. Edit Control Mappings button
  4. Next to the control you would like to map, select the check box. To remove a control mapping, clear the check box instead. Selecting risks to map
  5. Click the Save button.
Tip: To ensure that the necessary evidence is submitted for the controls, we recommend that you create tasks for the control. For more information, see our How to Work with Tasks for Controls article.

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles