Creating and Mapping Controls to the Risks in Your Risk Register
In the KCM GRC platform, you can use controls to document the preventative measures that your organization uses to defend against the risks it faces.
You can create new controls for your risks, or if your organization has already added relevant controls to your compliance management module, you can map these controls to the risks in your Risk Register. See the sections below to learn more.
Navigating to the View Risk Page
To create or map a control to a risk, you will first need to navigate to the View Risk page. Follow the steps below:
- Navigate to your Risk Register. From the navigation panel on the left-hand side, click Risk Management > Risk Register.
- Use the Search by Risk Name search field to search for a specific risk, or click the arrow on the left-hand side of a category name to expand the category and browse through your risks.
- Click the risk name to open the desired risk.
From the View Risk page, you can either create a control or map an existing control. Once you've created or mapped one or more controls to the risk, they will be displayed in the Controls area.
See the subsections below to learn more.
Create a New Control
To create a new control for a risk, click the Create Control button from the Controls area of the View Risk page. Then, add the control details, as outlined below.
- Name: Add a name that represents the purpose or scope of the control.
- Control Description: Provide a detailed description of the control. We recommend that you include the following information in a control description: what the control is, how to review and assess the control, and what type of evidence is expected to satisfy the control. See our Glossary of Compliance Terms to learn more about control descriptions.
- Tags (optional): You can add one or more tags to group similar controls in your platform.
  - To create a new tag: Type one or more words in the field, then press enter on your keyboard to save the tag. Tags have a maximum of 25 characters, including spaces.
  - To select an existing tag: Click the drop-down menu to see existing tags. Click on a tag to add it to the control.
- Risk Treatment Score: Enter a number that represents how well the control prevents or mitigates the risk.
  Note: The control's treatment score determines the risk's residual risk score. To learn more, please see our Risk Scoring Guide.
- Add Another (optional): If you'd like to create another control for this risk, click this checkbox before you click the Create button.
- Create: Click this button to save and map this control to the risk.
Map an Existing Control
You may want to map a control to a risk if you've imported controls in bulk, or if your account already has controls in place for your compliance efforts that also assist in monitoring or preventing your organization's risks.
To map one or more controls to a risk, from the View Risk page, click the Edit Control Mappings button. Then, follow the steps below.
Mapping Controls to a Risk
- Find the control that you need to map by searching for keywords in the search fields under the Name or Description columns.
- To browse through all of the controls, scroll to the bottom of the window and click the arrow icon buttons.
  Tip: If text is cut off in the fields under the Name or Description columns, hover over a field to view the full text.
- Once you find the desired control, click the Map button under the Actions column on the right-hand side.
  Tip: If you need to unmap a control from the risk, click the Unmap button.
- Under the Treatment Score column, enter a number that represents how well the control prevents or mitigates the risk.
  Note: The control's treatment score determines the risk's residual risk score. To learn more, please see our Risk Scoring Guide.
- Click the checkmark icon button to save the treatment score and map the control to the risk.
- When you've finished mapping controls, scroll to the bottom of the window and click Done.