How does the controls module work?

Controls are actions that your company or process owners can take to mitigate the impact, i.e. the damage that a risk can cause if it materializes or the probability of its occurrence.

With our controls module you will be able to register all the controls you consider necessary to prevent, detect or correct risks to which your company is exposed, you will also be able to qualify them through design, execution and robustness and finally, you will be able to associate risks and those responsible for supervising these controls.

→ Remember that this functionality will be available in the starter plan.

We explain how to register your controls in Pirani 👀

How to create a control?

In the Pirani sidebar go to the "Controls" section of your dashboard and click on the "Create control" button.

Captura de Pantalla 2023-01-06 a la(s) 11.31.39 p. m.

How to register general information?

In this part you will find only one mandatory field "Name", make sure that the name of your control is descriptive and easy to remember so that you can find it in the future. 

In the "Description" field, you can elaborate by describing in detail what the control will consist of.

Captura de Pantalla 2023-01-06 a la(s) 11.30.24 p. m.

How does the rating of controls work?

Just as risks have an impact and frequency rating, controls have an "effectiveness" rating. In the "Parameterization" section (with the gear icon) at the top right, you will find 4 categories: weighting, design, execution and robustness.

Weight assignment:
Here you determine which will have more weight for your rating, design or execution by clicking on the "Edit parameterization" button.

Captura de Pantalla 2023-01-06 a la(s) 10.13.11 p. m.

Design" criteria: 
You will be able to parameterize the fields that will define the design as you deem necessary.

Captura de Pantalla 2023-01-06 a la(s) 10.13.20 p. m.

Execution" Criteria:
You will be able to parameterize the fields that will define the execution as you consider necessary.

Captura de Pantalla 2023-01-06 a la(s) 10.56.38 p. m.


"Robustness":
Once you have completed these questions, define what score the robustness will have according to the items you determine. 

Captura de Pantalla 2023-01-06 a la(s) 10.56.47 p. m.

 Here is a detailed tutorial on how to parameterize the controls.

How to associate risks?

Controls become more relevant when you associate them with a risk. Keep in mind that international risk management standards talk about two concepts:
Inherent risk, which is the natural level of risk to which the company is exposed by the processes it executes. 
Residual risk, which is the level of risk that remains after controls are applied.

In order to have a residual risk profile for your entire company, for each process or for each risk, it is essential that you associate your controls to the risks they help to mitigate. 
You can associate risks to controls in the process of creation or already created, you must go to the risk section in the create control box and click on the "associate" option.

Captura de Pantalla 2023-01-06 a la(s) 11.43.54 p. m.

Here you will see the list of records in the module you are in. In this section you can search for records with the search engine or choose from the options available in the module.
 To make the association you must click on the "+" icon on the right side of the record to be selected.

Captura de Pantalla 2023-01-06 a la(s) 11.44.40 p. m.

Finally, it indicates in what percentage it helps to mitigate the impact or frequency of a risk.

Captura de Pantalla 2023-01-06 a la(s) 11.45.09 p. m.

How does the residual risk calculation work?

The residual risk calculation is the result of a mixture of three components: 

- The inherent risk rating
- The effectiveness of the controls associated with the risk.
- The risk mitigation percentage you associate with the frequency and impact.

Suppose we have an inherent risk that has a frequency rating of "Unlikely 20%" and an impact rating of "Moderate 48%".
For this risk we have created a control that has an effectiveness of 68.75%.
Captura de Pantalla 2023-01-06 a la(s) 11.51.41 p. m.

And we have defined that the percentage of mitigation of this risk is: Impact 50% and frequency 20%. 

Captura de Pantalla 2023-01-06 a la(s) 11.57.45 p. m.

In order to calculate the effect that this control has on the risk, our system calculates the mitigation of the control on the frequency and the inherent impact to find the frequency and the residual impact. For our example the result would be as follows.
Residual impact: 31.5 Residual frequency: 17.25

Captura de Pantalla 2023-01-06 a la(s) 11.58.30 p. m.

How to associate managers?

To associate a manager to the control, inside the create control box go to the left side to the managers section and click on the "associate" button, there you will see the list of created manager groups or create a new group. In this section you can search for records with the search engine or choose from the options available in the module.

To make the association you must click on the "+" icon on the right side of the record to be selected.

Captura de Pantalla 2023-01-06 a la(s) 11.58.56 p. m.

How to edit a control?

You can edit the fields of the control at any time. Enter the Control Panel and click on the name of the control you want to modify, the "See more" button will appear on the right side, when you click on it you will be taken to the risk dashboard where you can:

- Change the name of your control and the effectiveness rating.
- Modify the description.
- Associate or delete risks.
- Modify the impact and frequency mitigation scores.

Captura de Pantalla 2023-01-07 a la(s) 12.04.28 a. m.

How to delete a control?

You can delete any control by clicking on the control you no longer wish to have, on the right side you will find a trash can icon, when you click on it you will get a warning that the control will disappear forever, as well as its associations with risks.

Captura de Pantalla 2023-01-07 a la(s) 12.04.37 a. m.

CTAs-help-center-orm_controls