Controls Adding New Controls 2020 Whats are Controls

Controls Adding New Controls 2020

What’s are Controls? Controls are activities we perform to help manage our risks. Example: RISK: Failing to attend a business meeting or arriving late Control: Set an alarm for 6: 00 AM every night. RISK: Getting hit by a vehicle while crossing a road. Control: Look-left … look-right.

What controls we operate? The activities we perform at the end of each month, quarter, year that help us deliver our tasks are Controls. Example: {Insert a few examples to drive a conversation}

Adding a New Control Users with “Owner” or “Reviewer” rights can create New Controls, this helps us ensure quality of controls added. New control: Adding a New Control using the Menu on the right.

Overview There are four main steps when adding a new Control. STEP 1: Basic Information about the control, capturing details about: • The type of Control, • The Objective of the Control, • Basic governance around who in the business owns and operates the control on a day to day basis. STEP 2: define Relational Information by mapping the Control to one or more of the existing Risks or Indicators. STEP 3: Assess the effectiveness of the control on the day of migration to Co. Vi. If this is a new control, leave it as New. STEP 4: Review all the information together before saving.

Step 1 – Basic Information 1. Title: Use this to give the control a snappy title (120 characters max). 1 2. Type: Select the type of control (Preventative, Detective etc. ) 3. Description: Describe the control in such a way that anyone independent can understand it. We recommend outlining: 2 3 • Objective: what the control aims to achieve; • Instructions: in a few bullets describe the key steps involved in completing the control; and 6 4. Evidence Type: A drop down with different evidence types (meeting minutes, director sign-off etc. ) 5. Flags: Toggle the “Key” or the “Certificate” icons if this control is considered key or is required for some form of certification (e. g. So. X). 8 7 9 6 6 6. Ownership: includes the owner (individual responsible), Reviewer, Control Operator (aka manager) and the team responsible, business Unit and Entity. 5 5 4 • Evidence: what evidence can be shown to demonstrate this control has operated. 9 6 10 7. Operational Frequency: frequency with which the control operates. 9. 8. Testing Frequency: frequency with which the control will be tested/attested to. A control may operate monthly but you may decide to test it quarterly. 10. Other Ref: a free form text to capture any references to other systems, framework (e. g. So. X) etc. Policies / processes: Map the control to one or more business policy or processes.

Step 2 – Relational Information In this steps users map the control to one or more of the existing Risk (1) or Indicators (2) which this control relates to. Note that the users are able to create partial new Indicators (3) as part of this step. In this case, Indicators attached to controls would be Key Control Indicators (KCIs). 1 Example: if the control is Salary Benchmark then a relevant indicator could be Staff turnover. 2 3

Step 3 – Assessment 1 In this step users assess the control by: 1. Assessment date: set the date of last assessment. 2. Control Design*: is the control design effective. 3. Control Operations*: is the control being operated effectively. 4. Comment: comment supporting the assessment. 2 3 4 5 5. Attachment: Evidence supporting the assessment (drag and drop files). Example: consider that the Salary Benchmark is being performed annually but the staff turnover remains high and one of the main reason is poor pay. This suggests that although the control is operating effectively, there is a flaw in the design of the control (perhaps the benchmark is not correct). *Note: The options for assessing effectiveness are {Effective, Ineffective, New}

Step 4 – Review & Save The final step plays back all the information added by the user in one clear place for a review before finalizing the New Control. Once the users are happy, they should press Save (1) to add the Control to the Controls Register. If any changes need to be made, use the Previous (2) button to go back to the steps that require edits. 2 1

Next Steps For more information, visit Co. Vi’s Knowledge Base kbase. covianalytics. com © 2020 Co. Vi Analytics All rights reserved.