Sign in

Introducing

Ideagen Community

Introducing

Ideagen Community

Articles in this section

See more
  1. Q-Pulse
  2. Q-Pulse Cloud
  3. Risk Module

How to Create & Manage Control Matrices

Alan Blair
  • Updated
Follow
Who is this article for?

 Risk Managers responsible for managing controls.

 Staff access to edit risk matrices is needed.

The Risk module allows you to assign controls to a risk event to reduce or eliminate a threat or consequence from event taking place. It is important to make sure these controls are fit for purpose, both in terms of their fundamental design and in their operational effectiveness. A control matrix is used to assess a control and to provide recommended courses of action on whether further action is needed to refine the control.

This article outlines the steps to create a control matrix which can be used to perform a control assessment. This article does not include any details on how to perform the control assessment (please visit How to Perform a Control Assessment for details on how to use the control matrix during an assessment).

To make the matrix creation process easier to learn, this article is split into 8 sections so that you can either walk through the steps in sequence or you can jump to the section relevant to what you are doing in Q-Pulse Cloud:

  1. Create the Basic Matrix
  2. Confirm Operation and Design Levels
  3. Apply Bands to the Matrix
  4. Activate the Control Matrix
  5. Archive a Control Matrix
  6. Reinstate an Archived Control Matrix
  7. Delete a Control Matrix
  8. Further Reading

1. Create the Control Matrix

The first step is to create the control matrix.  This includes the overall structure and dimensions required by your assessment. A control matrix uses two dimensions:

  • Design: Used to review the overall design of the control in terms of its purpose.
  • Operation: Used to review how well the control is being used operationally.

To create the matrix:

  1. Click on Risk and then Control Matrices.
  2. Click the [Create Control Matrix] button.
  3. In the Create Risk Matrix window, enter:
      • Title: A unique and meaningful title that users performing a control assessment will see.
      • Description: A description of the risk matrix.
      • Dimensions: Select how many dimensions you require on the matrix.
  1. Click [Save].

mceclip0.png

Note: The maximum number of perspectives you can apply to each dimension is 10.

2. Confirm Operation and Design Levels

The operations and design levels on your matrix will have default titles. You can use these titles or you can choose to change them to something more meaningful.

To change the levels:

  1. Click on Risk and then Control Matrices.
  2. Open the control matrix you would like to edit.
  3. Click on Operations.
  4. Click on an Operation
  5. Edit the title and/or the label at the right-hand side.

mceclip1.png

  1. Click [Save].
  2. Repeat for each level.

mceclip2.png

  1. Click on Designs.
  2. Click on a Design
  3. Edit the title and/or the label at the right-hand side.

mceclip3.png

  1. Click [Save].
  2. Repeat for each level.

3. Apply Bands to the Matrix

With the operation and design levels set you are now ready to use these to assign bands to the matrix.

Example: The Operations in this example use the bandings of Fully Operational (F), In Progress (IP) and Non-Operational (N). The Designs use Well Designed (W), Adequately Designed (A) and Poorly Designed (P). These intersect in the matrix to create a unique value.  This can be set to any value that fits your organisation.

To apply the bands:

  1. Click on Risk and then Control Matrices.
  2. Open the control matrix you would like to edit.
  3. Click on Matrix.
  4. Click on a matrix cell.
  5. Update the following information
      • Label: A name that will appear in the cell.
      • Score: The score assigned to the cell.
      • Control Rating Band: The rating of the cell.
  1. Repeat these steps for each cell in the matrix.

mceclip4.png

Remember, there is no right or wrong approach to the matrix or the labels used. The best approach is one that is clear, concise, and meaningful to the user assessing the controls.

4. Activate the Control Matrix

When you are ready to use the matrix it must be activated.

To activate the matrix:

  1. Click on Risk and then Control Matrices.
  2. Open the control matrix you would like to activate.
  3. Click on the ellipsis button.
  4. Click Activate.

mceclip5.png

5. Archive a Control Matrix

If a matrix is no longer needed you can choose to archive it. Archiving a matrix will remove it from future control assessments but will not remove it from any historical assessments that have been performed.

To archive the matrix:

  1. Click on Risk and then Control Matrices.
  2. Open the control matrix you would like to activate.
  3. Click on the ellipsis button.
  4. Click Archive.

mceclip6.png

6. Reinstate an Archived Control Matrix

If a matrix has been archived but is later needed it can be reinstated for active use.

To reinstate the matrix:

  1. Click on Risk and then Control Matrices.
  2. Open the control matrix you would like to activate.
  3. Click on the ellipsis button.
  4. Click Reinstate.

mceclip7.png

7. Delete a Control Matrix

If a matrix is no longer needed and you want to completely remove it from Q-Pulse Cloud then it will need to be deleted.

To delete the matrix:

  1. Click on Risk and then Control Matrices.
  2. Open the control matrix you would like to activate.
  3. Click on the ellipsis button.
  4. Click Delete.

mceclip8.png

  1. When prompted, click [Delete].

8. Further Reading

  • How to Perform a Control Assessment

Article Comments

0 comments