Risk Management Module

How to Create and Map Risk Controls

In your KCM GRC platform, you can use controls to document the preventative measures that your organization uses to defend against the risks it faces. 

You can either create new controls for your risks, or if your organization has already added relevant controls to your platform, you can map these controls to the risks in your Risk Register.

See the sections below to learn how to create and map risk controls.

Jump to:

Create a New Control

Map an Existing Control

Creating Controls for Risks

You can create controls for your risks, which will automatically map the control to the risk.

To create a control for a risk, follow the steps below:

  1. From your navigation panel, navigate to Risk Management > Risk Register.
  2. From your Risk Register, select a risk to open the View Risk page.
  3. In the Control Treatment section of the page, click the Create Controls button to open the Create Control page. Create Controls button
  4. Fill out the fields on the Create Control page. For more information, see the screenshot and list below:
    Note:We recommend that you avoid including the < and > special characters in these fields.
    1. Name: Add a name that represents the purpose or scope of the control.
    2. Control Description: Provide a detailed description of the control. We recommend that you include the following information in a control description: what the control is, how to review and assess the control, and what type of evidence is expected to satisfy the control. See our Glossary of Compliance Terms to learn more about control descriptions.
    3. Tags (optional): You can add one or more tags to group similar controls in your platform.
      • To create a new tag: Type one or more words in the field, then press enter on your keyboard to save the tag. Tags have a maximum of 25 characters, including spaces.
      • To select an existing tag: Click the drop-down menu to see existing tags. Click on a tag to add it to the control.
    4. Add Another: Select this check box to add another risk after you finish creating this risk.
    Create Control window
  5. Create: Click this button to save and map this control to the risk.
Tip: To ensure that the necessary evidence is submitted for the controls, we recommend that you create tasks for the control. For more information, see our How to Work with Tasks for Controls.

Map Existing Controls

You may want to map a control to a risk if you've imported controls in bulk, or if your account already has controls in place for your compliance efforts that also assist in monitoring or preventing your organization's risks. 

To map one or more controls to a risk, follow the steps below:

  1. From your navigation panel, navigate to Risk Management > Risk Register.
  2. From your Risk Register, select a risk to open the View Risk page.
  3. In the Control Treatment section of the page, click the Map Existing Controls button to open the Map Controls to Risks pop-up window. Edit Control Mappings button
  4. Next to the control you would like to map, select the check box. To remove a control mapping, clear the check box instead. Selecting risks to map
  5. Click the Save button.
Tip: To ensure that the necessary evidence is submitted for the controls, we recommend that you create tasks for the control. For more information, see our How to Work with Tasks for Controls article.

Can't find what you're looking for?

Contact Support