Skip to main content

Manage Risks and Controls

Updated

 

Applicable to Centro QMS/QMS Starter, Centro KMS
NOT applicable to Centro ESSENTIALS

Introduction to risks and controls

Risk and controls are two item types that allow you to record risk management information within your Centro web app. 

 

Risks and controls allow you to: 

  • conduct risk assessments by creating risks within the web app
  • create and assign controls to record how each risk will be managed
  • attach controls to a process step.

 

User permissions

All system administrators can add, edit and attach risks and controls. In addition, two user permissions have been added. These permissions are:

Permission level

Description

Risk viewer

View risks.

Risk editing

Add, edit and view risks.

 

Administrators can assign one or both of these permissions to any user in the system by following the instructions below: 

1. Go to People>Users and click on the relevant user to open the details for that user.

1.jpg

2. Scroll down to User permissions and click Change

2.jpg

3. Select all applicable permissions and click OK. 

3.png

4. Click Save.  

4.jpg

 

Risks register

The list of risks (Policies>Risks) in your web app is your organisational risks register. You can filter or sort content using the ribbon above the content list. For example, you can sort risks from High to Low to identify areas with greater levels of risk. 

Use the arrows above each column to sort the content in the category. 

5.png

Refer to the following table for guidelines about available content filters: 

Filter 

Description 

Risk name

The title of the risk.

Inherent rating

The rating of the risk without controls in place.

Rating with Control

The rating of the risk with controls in place.

Next review

Date of next risk review. 

Status (if RM is enabled)

The publication status of the risk (i.e. Draft, Awaiting Approval, Ready to Publish or Published).

 

Add a risk 

1.  Access the Policies tab and click on the Risks subtab. 

6.jpg

Release management (RM) features 

If you have RM features enabled, your RM workflow will appear. Click OK to start editing. 

 

2. Click Add New Risk.

7.jpg

 

4. Complete all relevant fields.

The risk assessments can be undertaken without controls (first 3 drop down fields) and with controls (last 3 drop down fields). Most organisations will undertake risk assessments with controls.

 

8.jpg

Field 

Description 

Risk name (mandatory)

The name of the risk.

Description (optional)

A detailed description of what the risk involves.

External reference identifier (optional)

If required, a code or reference for this risk (if the risk is also recorded in a different risk system).

External source link (optional)

Link to external documentation

Required resolution date (optional)

The date by which the risk must be managed/resolved.

Actual resolution date (optional)

The date when the risk was managed/resolved.

Related processes (optional)

Processes related to the risk. 

Controls to mitigate this risk (optional)

Any controls that must be used to mitigate the risk. Click Select to attach all applicable controls. You can choose from any controls that have been entered into your Centro web app.
Related improvements (optional) Improvements that are related to the risk

Inherent risk likelihood (optional)

The likelihood of the risk if there are no controls in place (rare to almost certain).

Inherent risk consequences (optional)

The consequences of the risk if there are no controls in place (insignificant to extreme).

Inherent risk rating (optional)

The inherent rating of the risk if there are no controls in place (low-high).

Likelihood with control (optional)

The likelihood of the risk if there are controls in place (rare to almost certain).

Consequences with control (optional)

The consequences of the risk if there are controls in place (insignificant to extreme).

Risk rating with control (optional)

The inherent rating of the risk if there are controls in place (low-high).
Keywords for search (optional) Keywords that users can search for the risk to appear as a search result.
Remove from view If ticked, this item will only be visible to system Administrators in the hidden items subtab (under the Admin tab).

 

 

5. Click Save

9.jpg

 

Release management (RM) features 

If you have RM enabled, approve and publish the risk using the RM workflow. 

 

Add a control 

1. Access the Policies tab and click on the Controls subtab.

11.jpg

 

Release management (RM) features 

If you have RM features enabled, your RM workflow will appear. Click OK to start editing. 

 

 

2. Click Add New Control

12.jpg

 

3. Complete all relevant fields.

13.jpg

 

Field 

Description 

Control name (mandatory)

The name of the control.         

Description (optional)

A detailed description of the control.

External reference identifier (optional)

A number/identifier for the item based on your internal identification system. 

External source link (optional)

Link to external documentation

Managing Business Unit

The Business Unit that needs to manage this piece of content (applies only if you have Business Units implemented, see Business Unit Basics for more information)

Type (optional)

How the control will be implemented:

  • Manual=the control implemented and managed by people.
  • IT Department=the control needs some information technology systems to be implemented and managed.
  • Automated=information technology systems can implement and manage the control automatically (i.e. without the involvement of people).

 

Nature (optional)

The nature of the control: 

  • Preventative= the control will be implemented to prevent risks.
  • Detective= the control will be implemented to detect the presence of risks. 
  • Corrective= the control will be implemented to correct risks. 

Priority (optional)

The implementation priority of the control (primary, secondary or tertiary).

Frequency (optional)

How often the control will be implemented.

Mitigates these risks (optional)

Risks related to this control. Click Add to attach all applicable risks.

Keyword for 'Search'

Keywords that users can search for the risk to appear as a search result.

Remove from view

If ticked, this item will only be visible to system Administrators in the hidden items subtab (under the Admin tab).

 

 

4. Click Save. 

14.jpg

 

Release management (RM) features 

If you have RM enabled, approve and publish the control using the RM workflow. 

 

Attach control to a process step 

1. Access the Processes tab and click on the relevant process to open it. 

2. Access the All Steps subtab. 

15.jpg

3. Click the editing option that relates to the process section/step you want to edit. This could be Edit Details (for process start points) or Edit Step (for any process step). 

16.jpg

Release management (RM) features 

If you have RM enabled, click Start Editing to activate the policy editing interface.  

 

4. Scroll to the section titled Risk Controls and click Add.

17.jpg

5. Select all applicable controls and click Select.

18.jpg

Tip 

You can select and attach multiple controls by holding down Ctrl and clicking on each risk that you want to attach.

 

6. Click Save.

19.jpg

Release management (RM) features 

If you have RM enabled, you can approve and publish the control using the RM workflow.

 

Attach risk or control to a process

1. Access the Processes tab and click on the relevant process to open it. 

Screenshot_106.jpg

2. Access the Step-by-step subtab and click Edit Details. 

Screenshot_107.jpg

3. Scroll to Related Risks or Related Controls (whichever is relevant) and click Add. 

Screenshot_108.jpg

4. Select the relevant risk/control and click Select. 

Screenshot_109.jpg

5. Click Save

Tip

You can view all the items related to specific risks/control by accessing a specific risk/control and clicking on the Related items subtab. 

Screenshot_105.jpg

 

Related articles

Powered by Zendesk