Register a risk and control plan template
This content was translated by artificial intelligence. To request a review, send an e-mail to documentacao_se@softexpert.com.
|
|
|
|
|
|
|
|
Prerequisites
- Access the Management menu > Plan template (RI304) .
- Previously registered context .
- Business unit previously registered.
- Pre-configured viewing profile .
Presentation
In SoftExpert Risk, it is possible to create risk plan or control plan templates to standardize the generation of these documents and ensure greater consistency in the management process.
These templates allow plans to be created with all settings pre-defined, and it's also possible to make adjustments or add additional information whenever necessary, ensuring that each plan meets the specific needs of each situation.
This article will show you how to register a plan template.
Register a risk and control plan template
It is possible to create a new template from an existing plan template. To do this, instead of selecting New template , select Existing template and specify the desired plan template .
1. Access the Management menu > Plan template (RI304) .
2. Click the button 
.
3. To create a template, keep the New template option selected.
4. Select the context to be used and click the button 
.
5. Fill in the required fields: click the arrow next to the Identifier field to generate an automatic identifier and enter a name for the plan template. The Context field is pre-filled with the previously selected information, but it can be changed.
6. Select the scope to be covered by the model: choose Risk to build the model structure with elements, risks, and controls, or Process to build the model structure based on a specific process. In this case, selecting Process will enable an additional field to specify which process should be used as a reference.
7. Specify the business unit to which the model being created belongs.
8. In the Advanced Options tab, the settings for risk, opportunity, and control analyses are established, based on the model being registered:
Advanced options settings
Will the plan follow the model review?
By selecting this option, whenever a new plan revision is created, it will be updated with the records from the current revision of the template, including the new records and excluding the plan records created from the template.
Include potential assessment.
Select this option so that, during risk assessment, it is possible to perform a potential risk assessment. This assessment only considers the risks in the risk plan. The name of the assessment will vary according to the settings configured in the Default View Profile Configuration tab .
Include residual assessment.
Select this option so that, during the risk assessment, it is possible to perform a residual risk assessment. This assessment takes into account the controls and treatments of the risk plan. The name of the assessment will vary according to the parameters set in the Default View Profile Configuration tab .
When you select the Include residual assessment option , the Residual calculation field will be enabled. Select one of the following options to define how the residual risk will be calculated:
- Manual : the calculation will be performed manually, that is, during the risk assessment, fields will be presented for filling in the assessment score.
- Percentage of control effectiveness : This option will only be displayed if the context is configured with a risk assessment method of the Matrix , Quantitative , or Matrix with Quantitative type . In this type of calculation, the result of the residual risk assessment will be obtained by multiplying the actual risk by the percentage of effectiveness of the risk controls. When the risk has only one control, the percentage of control effectiveness will be the control assessment value itself; however, when the risk has two or more controls, the effectiveness will be obtained through a calculation of the intersection of the values (percentages) of the control assessments, which is given by:
Control effectiveness = 100 - {[(100 - control_01)/100] * [(100 - control_02)/100] * ... * [(100 - control_N)/100] * 100}
The result of the residual risk assessment, for each method, is obtained as follows:
- Quantitative : the result of the residual risk assessment will be obtained by multiplying the result of the real risk assessment by the effectiveness of the controls, which is obtained through a percentage calculation that takes into account the results of all controls for that risk.
Residual risk = Actual risk * (control effectiveness %)
- Matrix and Matrix with Quantitative Data : The result of the residual risk assessment will be obtained by multiplying the result of the real risk assessment by the effectiveness of the control groups defined for each axis of the matrix (detective controls and preventive controls). Therefore, it is necessary to define which controls will be used on each axis of the matrix, selecting one of the options: Detective controls minimize the X-axis and preventive controls minimize the Y-axis , or Detective controls minimize the Y-axis and preventive controls minimize the X-axis . For each axis of the matrix, the result of the real risk assessment will be multiplied by the percentage of effectiveness of the controls.
Residual risk = [Actual risk * (control effectiveness %)] x [Actual risk * (control effectiveness %)]
Risk classification determines whether the effectiveness of the control is used to minimize or maximize the value of the residual risk. For example, when the risk is classified as an opportunity, the controls act to increase the exposure to the original risk. In this way, the effectiveness increases the value of the residual risk, as it is desired that the risk materializes.
- Subtraction of control effectiveness : This option will only be displayed if the context is configured with a risk assessment method of the Matrix , Quantitative , or Matrix with Quantitative type . In this type of calculation, the result of the residual risk assessment will be obtained by subtracting the effectiveness of the control controls from the actual risk. The effectiveness of the controls is obtained through the arithmetic sum of the values of the control assessments. The result of the calculation for each method is obtained as follows:
- Quantitative : the result of the residual risk assessment will be obtained by subtracting the result of the real risk assessment from the effectiveness of the risk controls.
Residual risk = Actual risk - (Control effectiveness)
- Matrix and Matrix with Quantitative Data : the effectiveness of the control will be obtained by subtracting the result of the real risk assessment from the sum of the results of the assessments of the control groups defined for each axis of the matrix (detective controls and preventive controls). Therefore, it is necessary to define which controls will be used on each axis of the matrix, selecting one of the options: Detective controls minimize the X-axis and preventive controls minimize the Y-axis , or Detective controls minimize the Y-axis and preventive controls minimize the X-axis . For each axis of the matrix, the result of the real risk assessment will be subtracted from the sum of the results of the control assessments.
Residual risk = [Actual risk - (Control effectiveness)] x [Actual risk - (Control effectiveness)]
- Customize : This option will only be displayed if a custom formula has been configured. In this type of calculation, the evaluation result will be obtained through these custom formulas registered in the general parameters . Therefore, it is necessary to define which formulas will be used in the X-axis and Y-axis of the matrix.
Assign responsibility for all risk/opportunity analyses of the plan.
This option assigns a single responsible party to all risk analyses for plans based on this model. Selecting this option will enable the Responsible Party and Responsible Team fields .
Assign a responsible party for all plan control analyses.
This option assigns a single responsible party to all control analyses of plans based on this model. Selecting this option will enable the Responsible Party and Responsible Team fields .
Use identification mask for risk/opportunity analysis.
This option allows the risk analysis identifiers for model-based plans to be obtained using an identification mask. Selecting this option will enable the fields Identification Mask (only identification masks whose object is risk analysis will be available for selection) and Allow changing the identifier .
Use identification mask for control analysis.
This option allows the risk analysis identifiers for model-based plans to be obtained using an identification mask. Selecting this option will enable the fields Identification Mask (only identification masks whose object is control analysis will be available for selection) and Allow changing the identifier .
Risk/Opportunity Assessment Approval Roadmap
This option will only be displayed if the "Allow risk and control assessment only in the design phase" option is not selected in the context , or if the assessment method associated with the type is not Matrix .
Select this option to have the risk and opportunity analyses of the plans based on the model go through approval. To do this, in the Responsible Roadmap field , select the desired responsible roadmap.
Approval guidelines for control analysis assessment
This option will only be displayed if the "Allow risk and control assessment only in the design phase" option is not selected in the context , or if the assessment method associated with the type is not Matrix .
Select this option to have the control analyses of the model-based plans go through approval. To do this, in the Responsible Routing field , select the desired responsible routing.
Revalidation
This field will only be available if the context has been configured with the revalidation option. The fields Validity , Revalidation , and Expiry Date will be displayed .
9. After finishing, click to save .
10. Thus, the plan template has been registered, however, the registration is under review . To make it effective, click on Accept review and confirm to release the review.
The "Accept revision" option will be displayed if the context is configured with the ISO9000 revision type . If the simplified revision is configured, the "Enable editing" option will be displayed .
11. The registered plan template will be displayed in the menu's record list. If desired, you can click on:
 |
This button allows you to view and edit the plan template data. |
 |
This button allows you to delete the plan template. |
 |
This button allows you to import Risk, Control, Opportunity, and current Assessment. |
 |
This button allows you to associate risks, controls, and elements within the plan template structure. Click here for more details. |
 |
This button allows you to activate or deactivate the plan template. |
 |
This button allows you to compare revisions of the plan template. |
When creating a plan template, you can use Copilot , SoftExpert's artificial intelligence, to help in writing the description. For more details, see the article "Using AI in text creation and editing ".
Conclusion
With the plan template properly registered, the next step is to create the risk plan .