A Risk Control is anything that helps prevent a Risk from being realised via the use of Preventative Barriers, or reducing the impact of the Risk via Recovery Barriers.
By associating Risk Controls with different objects within Centrik you can achieve an overview of ACTUAL risk exposure, based on events rather than an assumed risk exposure.
Risk controls allow for organisations to demonstrate how they are controlling risks, and the effectiveness of the controls. Ultimately it allows you to Find, Manage, and Monitor effective risk management strategies.
Risk Control - Characteristics of the risk control, including default type and relationship
+
Connect object - Risk assessment consequence, SIRA
= Risk control connection – characteristics of the connection including actual type and relationship
Risk control relationships
Preventative Risk Control, looks to prevent a triggering event
Recover Risk Control, looks to prevent an outcome
Risk Control type
Inherent – outside control of risk management
Current – implemented controls in Risk management.
Planned – Future controls, not yet implemented.
Unmanaged and Managed risk controls
There are two types of Risk Controls within Centrik
Unmanaged
- Not part of the organisations Risk Management System
- Cannot be reused (can be added later at a connection level)
- May be relevant only to low-level risk which is managed locally
- Equivalent to adding notes, ensuring that it is documented
- Can be upgraded to Managed
Managed
- A component of the organisations Risk Management System
- Can be reused across hazards and consequences
- Managed by Risk Manager as part of their duties, with ownership assigned to people, departments or roles
- Allows tracking of use of Risk Controls across the organisation
- Cannot be downgraded to unmanaged
Adding Risk Controls
1. Centrik will need to enable Risk Controls onto your Centrik site (some terminology can be adjusted, if required)
2. Centrik will import all consequences from risk assessments and SIRAs(if enabled within your site). These will automatically be labelled as Unmanaged and placed in an imported Risk Control Group (Risk Managers will be able to change the imported unmanaged risk controls into managed risk controls (if required))
After being enabled an area titled ‘Manage Risk Controls’ is viewable on the risk landing page
Risk Controls – A list of all of the consequences from risk assessments within your site that you are able to configure into Managed or leave as Unmanaged
Risk Control Groups – A list of the Risk Control Groups in your site
Risk Controls
1. Click on the ‘Risk Controls’ button.
A search box is displayed, selecting the ‘More options’ button allows you to search in more granular detail
Adding a Managed Risk Control
1. Click on the ‘Add Managed’ button.
2. Give this risk control a number, a name and a description (a high level overview)
3. Specify an owner, this can be an individual, a department or a role (if required)
4. Select the Permitted Risk Subsystems area (where you want it to appear), the number in brackets denotes the number of times it has been used
5. Link to an associated Risk Control Group via the Associated Risk Control Groups area
6. The option to select the default Risk Control Type from the selectable list, this is the default type, but it can set to any of the selectable options at the connection level
7. Click on the ‘Save’ button.
Heading back to the Risk Controls area you can search for the newly created Risk Control using the search function. If recognised the risk control will be displayed.
The Risk Control Quality indicator denotes that this has not been checked
Once this stage has been completed you are able to connect this Risk Control to items such as a risk assessment
Connecting Risk Controls
1. From the main Risk register page select a Risk Assessment
2. Navigate to the Evaluation phase.
3. Hazards and Consequences, from within the Hazards summary area click on the ‘Assess’ button of a hazard
Within the Consequence area now sits the ability to add a risk control
4. Click on the ‘+Add Risk Control’ button
5. Search for a risk control via the search area
6. Enter a description of its use, how you are going to use this.
7. Click on the ‘Save’ button.
Now that the Risk Controls have been created and added through our risk assessments, we ae able to create connections to them.
8. Navigate to the Risk Controls menu (Risk landing page, risk Controls)
9. Search for the Risk Control that you want to connect using the search function
10. Within the Risk Connections Filter area, click on the ‘Add Connection’ button
11. Select which are of your Centrik system this is applicable to from the dropdown and search function
12. Check the box next to the applicable area.
13. Click the ‘Add connection’ button.
This has now been connected, a play button is shown. Clicking on the play button will show more information for that connection, displaying what subsystem it is located in, what check it sits in (if a check) and what checklist (if a checklist)
Navigating back to the Risk Control screen will display all of your risk and the number of connections that they have alongside their associated Risk Control Quality Indicators
Removing a connection
1. Click on the Risk Controls area.
2. Click on the Risk Control you wish to remove the connection from
3. Click on the ‘Edit’ button.
4. Within the Quality Contributor Risk Control Connections area click on the ‘X’ button to the side
5. Click on the ‘Save’ button.
Risk Control Legend
Recently checked
Not recently checked
Unknown
Not checked for an extended period
Never checked
Incomplete
Not Applicable
No Significant Issues
Caution
Alert
Unknown
Risk Control Groups
Risk control groups allows for the possibility to create a hierarchy for Risk Controls. This will form the framework that will allow you to group your risk controls.
1. Navigate to the landing page of the Risk module
2. Click on the ‘Risk Control Group’ button.
Adding a Risk Control Group
1. Click on the ‘+ Add Risk Control Group’ button
2. Give your group a name / title.
3. Click on the ‘Save’ button
Each group can have children or sub-children.
1. Hover over the group that you wish to add children to (the line will change colour)
2. Click on the group name.
3. Click on the ‘Add Child’ button under the Risk Controls section
4. Enter a name for the child group.
5. Click on the ‘Save’ button.
Moving back to the risk control group page you can see the parent and child group created
Removing a Risk Control Group
1. Select the risk control by its name
2. Click on the ‘X Archive’ button.
Archived groups can be restored by selecting the ‘Show Archived Risk Control Groups’ checkbox, selecting the archived group and clicking on the ‘Restore’ button