Add a control to a risk
Controls are added to the risks for the on-going review of processes.
Before you begin
Role required: sn_risk.manager and sn_compliance.manager
About this task
Procedure
- Navigate to All > Risk > Risk Register > All Risks
- Open the risk record from the list.
-
Continue with one of the following options.
Option Description Add an existing control - In the Controls related list, select Add.
- Select the controls that are associated with the risk profile.
- Select Add relationship.
Note:The controls displayed after selecting the Add button are limited to controls where the entity of control matches the risk entity. If there are no eligible controls that can be related to the risk, the Add button isn’t displayed on the Controls related list.Add a new control - In the Controls related list, select New.
- On the form, fill in the fields. For a description of the field values on the Control form, see Create a control.
- Select Submit.
Inherit common controls - In the Controls related list, select Inherit common controls.
- Select the controls.
- Select Add.
Note:The common controls displayed after selecting the Inherit common controls button are limited to controls where the reliant entity of control matches the risk entity. If there are no eligible controls that can be related to the risk, the Inherit common controls button isn’t displayed on the Controls related list.- When a control objective and risk statement are associated and the control entity matches the risk entity, the risk-control association is created.
- The risks and controls that are created after associating a control objective to the risk statement aren’t associated with the risk statement immediately. They get associated when the GRC Profile Generation scheduled job runs.
- If you manually delete a control from a risk, the control won’t be re-created by the scheduled job. You must manually create it again if necessary.