GuardianERM.Net Help


Risk and Control Review

Module: Risk Management

Purpose: To record the review of the risk structure of the organisation and the related risks and controls.

To Access: Risk Management - Risk Review.

The Risk and Control Review function is used to formally record the periodic review of the risk management structure and the risks and controls attached to it.

The functionality of the Risk and Control Review is the same as the Risk Evaluation with the exception of the tick box in front of each organisation unit and a Confirm Review button.

Periodically (as determined by the organisation's risk management policy), risk owners should review the part of the risk management structure under their control to make sure that the structure adequately reflects the operation, that all relevant risks are identified, described and rated, and that the controls documented in the system are current and effective. When the review is completed, the box in front of the organisation unit is ticked to signify this. Ticking the box is the equivalent of the risk owner attesting that the risks and controls are completely and accurately documented in GuardianERM.Net under the organisation units he/she is responsible for.

When a box is ticked, the user will be prompted to confirm, and once confirmed, the box cannot be un-ticked. After ticking the boxes, click the Confirm Review button and the data will be saved. The date the review was last done is shown in the Organisation Unit details panel.

 

Note: All child organisation units must be ticked before their parent unit can be ticked.

The tick boxes can be reset to blank by the administrator using the Administration function or automatically on predetermined dates if the optional GuardianERM.Net Workflow system is installed.

See also:

Risk and Control Review Criteria

Attestation