Mitigating a risk

This article explains how to manage a risk by taking risk mitigation steps.

Table of contents

• Overview
• Creating an RMS
• Creating an RMS in a risk

Overview

A risk management strategy consists of three types of Risk Mitigation Steps, or RMS:

• Measures: they allow you to mitigate a risk.

• Controls: they can be combined with a measure to ensure the measure is properly implemented.

• Actions: they represent an action plan to implement a measure.

Creating an RMS

There are two ways to create an RMS:

• on the "Manage risk" page, by adding it directly to the risk: this is the subject of this article;

• in the RMS library, without immediately adding it to a risk: see Managing Risk Mitigation Steps (RMS).

Creating an RMS in a risk

To create an RMS in a risk, you must go to the "Manage risk" page.

When you create an RMS in this manner:

• it is directly added to the risk
• it is also added to its library, from where it can be added to other risks.

To go to the "Manage risk" page:

1. In the sidebar, click Risk mapping.

2. In the list of risks, click a risk.

3. The "Manage risk" page opens. It contains several items of information retrieved from the risk form:

• • the risk scenario;

  • the list of attached documents;

  • the gross risk.

Creating a measure (and a control)

This section explains how to create a measure for a risk, and how to add a control to the measure.

To create a measure:

1. On the "Manage risk" page, click the Create measure button.

2. In the Create measure dialog box:

• give the measure a Name;
• select the Type of measure: Prevention (e.g. training programs), Detection (e.g. internal alert process), Remediation (remedy an existing situation) or Senior management's commitment (e.g. how management communicates to the employees);
• click the Persons in charge field to select the contacts or departments that will be in charge of the measure. You can create a new department or contact by clicking the Create department or Create contact buttons.
• select an Implementation date;
• you can also describe the measure.

3. To help monitor the measure, you can add one or more controls. There are two ways to do this:

• To create a new control, click Create control: in the drawer that opens, give the control a Name, select its Level, its Frequency, one or more Persons in charge, and enter a description. Then click the Create button.

• To use an existing control, click the Select control button: the drawer that opens contains a list of all controls currently in the controls library. To add a control, toggle its gray switch to blue. (If the list is long, enter the name of the control in the search field.) Then click Add.

4. The drawer closes. In the Create measure dialog box, the controls added to the measure are displayed. 

To create an action:

1. On the "Manage risk" page, click the Create action button.

2. In the Create action dialog box:

• give the action a Name;
• give it a Status and a Priority;
• click the Person in charge field to select the contacts or departments that will be in charge of the action.
• click the Watchers field to select one or more persons who will monitor the progress of the action;
• choose a Start date and an End date for the action;
• you can also describe the action.

3. Click Create. The action is displayed on the "Manage risk" page with its Priority, Name, Status and Deadline.