Control Indicators

rebecca18
Kilo Contributor

Afternoon

We have mapped a number of Controls to Risks within the GRC platform. Could you advise if it is possible to create an indicator that would highlight to the risk owner when a control becomes non-compliant? This would allow the risk owner to then re-assess the risk, as the likelihood may increase as a result of the mapped control being non-compliant. Also, just to confirm, would this be a Control Indicator and not a Risk Indicator?

4 REPLIES

Ronak Gandhi
Giga Expert

Hey rebecca, in my experience a control indicator might not work (I could be wrong).

An easy way I can think of is to create a 'Notification' that is triggered when a Control's Status changes from Compliant to Non-Compliant, so that the Risk Owner of the related risk(s) gets an email (the table to identify the related risks is sn_risk_m2m_risk_control).

I hope this works. 
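The logic behind the notification Ronak describes, as an added example that is not part of the thread and not ServiceNow's own code. It is plain Node.js over constructed in-memory tables so it runs offline; on the platform the same lookups would be GlideRecord queries inside a Business Rule or Flow action on the Control record. The table name sn_risk_m2m_risk_control comes from the post above; the field names (status, risk, control, risk_owner), the status values "compliant"/"non_compliant", and the sample records are assumptions made for the example.

```javascript
// Added example: model of a "notify risk owners when a control turns
// non-compliant" rule. Tables are constructed sample data; field names and
// status values are assumptions standing in for the real GRC schema.

// Stands in for sn_risk_risk (risk_owner is an assumed field name).
const risks = [
  { sys_id: "risk1", number: "RSK0001", risk_owner: "alice@example.com" },
  { sys_id: "risk2", number: "RSK0002", risk_owner: "bob@example.com" },
  { sys_id: "risk3", number: "RSK0003", risk_owner: "alice@example.com" },
];

// Stands in for sn_risk_m2m_risk_control (risk/control are assumed field names).
const riskControlM2M = [
  { risk: "risk1", control: "ctl1" },
  { risk: "risk3", control: "ctl1" },
  { risk: "risk2", control: "ctl2" },
];

// Fire only on the transition INTO non_compliant. A record update that leaves
// the status unchanged, or that moves back to compliant, must not notify;
// otherwise every re-test of an already failing control emails the owner.
function shouldNotify(previousStatus, currentStatus) {
  return previousStatus !== "non_compliant" && currentStatus === "non_compliant";
}

// Join control -> m2m -> risk and group by owner, so one owner with several
// mapped risks receives a single message listing all of them.
function riskOwnersForControl(controlId, m2m, riskTable) {
  const byId = new Map(riskTable.map((r) => [r.sys_id, r]));
  const owners = new Map();
  for (const link of m2m) {
    if (link.control !== controlId) continue;
    const risk = byId.get(link.risk);
    if (!risk || !risk.risk_owner) continue; // unmapped or ownerless risk: nothing to send
    if (!owners.has(risk.risk_owner)) owners.set(risk.risk_owner, []);
    owners.get(risk.risk_owner).push(risk.number);
  }
  return owners;
}

// What an "after update" rule on the control record would evaluate:
// `control` is the record after the update, `previous` the values before it.
function buildNotifications(control, previous, m2m, riskTable) {
  if (!shouldNotify(previous.status, control.status)) return [];
  const owners = riskOwnersForControl(control.sys_id, m2m, riskTable);
  return [...owners].map(([to, riskNumbers]) => ({
    to,
    subject: `Control ${control.number} is now non-compliant`,
    body: `Mapped risks to re-assess: ${riskNumbers.join(", ")}`,
  }));
}

// Usage: control ctl1 moves from compliant to non_compliant; alice owns two
// of its mapped risks and gets one email, bob owns none of them and gets nothing.
const before = { sys_id: "ctl1", number: "CTL0001", status: "compliant" };
const after = { ...before, status: "non_compliant" };
console.log(buildNotifications(after, before, riskControlM2M, risks));
```

The transition check is the part worth carrying over to the platform: if the Notification's condition is simply "Status is Non-Compliant" rather than "Status changes to Non-Compliant", the risk owner is mailed on every subsequent update to the control, which is the flapping problem raised later in this thread.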

Sebastien Fix
Giga Guru

When Controls mapped against a Risk become non-compliant, either the Calculated Risk (Classic Risk Assessment) or the Automated Factors within RAMs would impact the Risk Score. Monitoring the Risk Score is a natural part of the Risk Owner's job. Should the Risk Score fall outside Risk Tolerance, the Risk Owner MAY need to reperform the Risk Assessment and define new Response Tasks (maybe the Risk Response is no longer "Accept" but "Mitigate", and may require defining new and/or better Controls).

Whenever a single Control fails once, the Risk Assessment in itself is still fine; only the Control Environment changes when Controls fail or pass. Reperforming an entire Risk Assessment the second a Control fails would also mean that the same Risk Assessment needs to be retaken as soon as the Control becomes Compliant again. Remember that Control Compliance can change every day (or technically even every few minutes) if you use Indicators to monitor data on the SN platform.

Finally, Risk Owners are also rarely the ones in charge of Compliance; rather, the 1st/2nd/3rd lines of defense test Controls. A task to solve an issue arising from a failed Control will therefore often fall on someone else's lap than the Risk Manager/Owner.


Asparuh
Tera Contributor

The best out-of-the-box way is to create an issue automatically for non-compliance of a control. The issue is assigned to the control owner, and this way a notification is delivered to him/her. The issue is fixed in two ways:

1. If the next indicator passes.

2. Manually by the control owner.

Issues are created OOTB; open issues actually make the Control Non-Compliant, so there is nothing to create to get there. However, Rebecca's use case relates to the Risk Owner and not the Control Owner.