Who is this article for?
Risk Managers responsible for managing risk assessments.
Staff access to edit risk matrices is needed.
Control effectiveness describes how well a specific control works against the risk it has been applied to.
This article outlines how to create effectiveness ratings and apply them to controls. This article does not include any details on how to create or manage the controls (please visit How to Create and Manage Controls for details on how to create or delete a control).
To make managing control effectiveness easier to learn, this article is split into 6 sections so that you can either walk through the steps in sequence or you can jump to the section relevant to what you are doing in Q-Pulse Cloud:
- Common Control Effectiveness Ratings
- Create Effectiveness Rating
- Manage Effectiveness Rating Order
- Set the Effectiveness of a Control
- Change the Effectiveness of a Control
- Further Reading
1. Common Control Effectiveness Ratings
There is no right or wrong way to approach control effectiveness. The effectiveness ratings you choose will be based on the requirements of your organisation and the individual risks they are applied to.
Common control effectiveness ratings include:
- Fully Effective: The control addresses the root cause and is completely effective.
- Substantially Effective: The control is effective with a large degree of efficacy but is not 100% effective.
- Partially Effective: The control is correct but there is a large gap in coverage.
- Largely Ineffective: The control has a significant gap in coverage.
- Not Effective: The control does nothing to address the risk.
Remember, there is no right or wrong approach. The best control effectiveness ratings are the ones right for your organisation.
2. Create Effectiveness Rating
To create an effectiveness level:
- Click on Risk and then Associated Lists.
- Click Control Effectiveness.
- Click Add a new Control Effectiveness Rating.
- Enter the name of your effectiveness rating.
- Press Enter.
- If required, you can now enter:
  - Code: A code that will be meaningful to the risk assessor.
  - Description: A clear and concise description which will help the risk assessor when using the matrix.
  - Colour: A colour code assigned to this banding.
3. Manage Effectiveness Rating Order
To make effectiveness ratings easier to use for the end user performing risk assessments, you may wish to re-order the ratings from time to time. This doesn't directly affect the functionality of the controls, but it will make it easier for the user to set the effectiveness ratings.
To manage the ordering:
- Click on Risk and then Associated Lists.
- Select Control Effectiveness.
- Toggle on Manage Ordering.
- Click and hold the handle, then drag to change the order of your risk bands.
- Toggle off Manage Ordering.
4. Set the Effectiveness of a Control
To set the effectiveness of a control:
- Open the risk record.
- Open the Controls.
- Click [Set Effectiveness].
- Select the Effectiveness.
- If required, enter an Effectiveness Description.
- Click [Save].
5. Change the Effectiveness of a Control
To change the effectiveness of a control:
- Open the risk record.
- Open the Controls.
- Locate the control you would like to change the effectiveness of.
- Click [Edit Effectiveness].
- Select the Effectiveness.
- If required, enter an Effectiveness Description.
- Click [Save].