Mitigating a risk

This article explains how to manage a risk by taking risk mitigation steps.

Table of contents

Overview

A risk management strategy consists of three types of Risk Mitigation Steps, or RMS:

  • Measures: they allow you to mitigate a risk.

  • Controls: they can be combined with a measure to ensure the measure is properly implemented.

  • Actions: they represent an action plan to implement a measure.

The same RMS can be implemented for more than one risk.

Creating an RMS

There are two ways to create an RMS:

  • on the "Manage risk" page, by adding it directly to the risk: this is the subject of this article;
  • in the RMS library, without immediately adding it to a risk: see Managing Risk Mitigation Steps (RMS).

Creating an RMS in a risk

To create an RMS in a risk, you must go to the "Manage risk" page.

When you create an RMS in this manner:

  • it is directly added to the risk
  • it is also added to its library, from where it can be added to other risks.

To go to the "Manage risk" page:

  1. In the sidebar, click Risk mapping.

  2. In the list of risks, click a risk.

  3. The "Manage risk" page opens. It contains several items of information retrieved from the risk form:

    • the risk scenario;

    • the list of attached documents;

    • the gross risk.

 

This is where you will create measures and/or actions to mitigate the risk.

You can return to the risk form at any time by clicking the Edit risk button.

The concepts of gross risk, mitigation rating and net risk will be dealt with in the article Obtaining the net risk.

Creating a measure (and a control)

This section explains how to create a measure for a risk, and how to add a control to the measure.

To create a measure:

  1. On the "Manage risk" page, click the Create measure button.
  2. In the Create measure dialog box:

  • give the measure a Name;
  • select the Type of measure: Prevention (e.g. training programs), Detection (e.g. internal alert process), Remediation (remedy an existing situation) or Senior management's commitment (e.g. how management communicates to the employees);
  • click the Persons in charge field to select the contacts or departments that will be in charge of the measure. You can create a new department or contact by clicking the Create department or Create contact buttons.
  • select an Implementation date;
  • you can also describe the measure.

 

3. To help monitor the measure, you can add one or more controls. There are two ways to do this:

  • To create a new control, click Create control: in the drawer that opens, give the control a Name, select its Level, its Frequency, one or more Persons in charge, and enter a description. Then click the Create button.

  • To use an existing control, click the Select control button: the drawer that opens contains a list of all controls currently in the controls library. To add a control, toggle its gray switch to blue. (If the list is long, enter the name of the control in the search field.) Then click Add.

4. The drawer closes. In the Create measure dialog box, the controls added to the measure are displayed. 

To remove a control from a measure, click the "x". The control is not deleted from the controls library, it is simply removed from the measure.

 

5. Click Create. The measure is displayed on the risk mitigation page with its TypeName, and the Number of controls added.

You can repeat this procedure to create as many measures as required.

Creating an action

To create an action:

  1. On the "Manage risk" page, click the Create action button.
  2. In the Create action dialog box:

  • give the action a Name;
  • give it a Status and a Priority;
  • click the Person in charge field to select the contacts or departments that will be in charge of the action.
  • click the Watchers field to select one or more persons who will monitor the progress of the action;
  • choose a Start date and an End date for the action;
  • you can also describe the action.

 

3. Click Create. The action is displayed on the "Manage risk" page with its PriorityName, Status and Deadline.

You can repeat this procedure to create as many actions as required.

Once all the measures and actions have been implemented, you can go to the next step by clicking the Assess risk mitigation button. See Obtaining the net risk.