A library provides a structure to the process of evaluating risks and controls.

It summarizes and defines, in a common repository, the risks to which the company is exposed and the controls that mitigate said risks, in addition to facilitating discussions and promoting consistency as to a culture of awareness about risk management and compliance.

We will create the following libraries:
 

Create a risk library

The first step is to create the categories of the risks.

The risks in the library can be organized into the following categories: conformity, operational, strategic, and others.

First, access the Risk type menu (RI112) and click on the button.

On the screen that will open, fill in the ID # field with "OP" and the Name field with  "Operational".

After doing that, click on the button.

Now, we will create the risks that will be part of the library.

To do so, access the File > Risk menu (RI210), click on the button and select the previously created "Operational" type.

On the risk data screen, click on the arrow next to the ID # field to generate a number automatically, then fill in the Name field with "System failures".

After doing that, click on the button.

Done. We have successfully created a risk library!

Create a control library

A control library is a set of measures selected and documented by the organization in order to mitigate risks.

Internal controls are categorized as a series of policies and procedures or technical protections that are implemented with a view to preventing problems and protecting the organization from risks.

To create a library, we will first define the control type.

To do that, access the RI118 menu and click on the button.

On the screen that will open, fill in the ID # field with "C2" and the Name field with "Procedure".

After doing that, click on the button.

After defining the control type, we will create the controls that will be part of the library.

To this end, access the RI209 menu, select the "Procedure" risk type and click on the button.

On the control data screen, click on the arrow next to the ID # field to generate a number automatically, then fill in the Name field with "Policies and procedures".

After doing that, click on the button.

Create a treatment library

Treatments refer to the process of developing options and determining actions to improve opportunities and reduce the threats of risks.

In the SE Risk component, it is possible to create a record of the main treatments and responses to risks, so that the organization can thus have a standard to solve probable threats.

To create a treatment library, we will first create a treatment type.

To do that, access the RI119 menu and click on the button.

On the screen that will open, fill in the ID # field with "STR" and the Name field with "Standard".

After doing that, click on the button.

Then, access the File > Treatment menu (RI208) and click on the button.

On the treatment data screen, click on the arrow next to the ID # field to generate a number automatically, then fill in the Name field with "Enter the manager password in disbursements over the limit".

And in the Response to risk field, select the "Reduce" option.

After doing that, click on the button.

In this way, we have successfully created a tre