Every Organisational Unit can have it’s own Risk Assessment matrix, based on a customisable set of ‘Risk Consequences’ and ‘Risk Likelihoods’. The matrix is added to every new Change Control request, where Risk Scores are then calculated by either adding or multiplying (according to user preferences) the consequence and likelihood values selected.
To access the Risk Assessments setup page for a given OU:
The page that opens has some basic settings in the top section, a middle section to enter all the parameters and a bottom section where you can preview what the risk matrix will look like.
The names, ‘Risk Consequence’ and ‘Risk Likelihood’ can be changed as required in the fields provided.
Please note that the terms, Risk Impact and Risk Mitigation are used in other fields.
The Risk Score calculation method can be adjusted by clicking the field, Select how risk consequences and likelihoods are used to calculate the risk score.
The choices are addition or multiplication.
The Save button must be clicked before navigating away from the page or changes will be lost.
Any changes made will only apply to new change control records. A snapshot of the risk matrix is taken when the record is created so the matrix can’t be changed on an existing change control record.
Default labels and values are provided for each OU to have a starting point in case any Change Control requests are created before the risk assessment settings are configured. These can be edited to suit the requirements of each department.
The risk matrix consists of a set of Risk Consequence levels laid out horizontally (x-axis) against a set of Risk Likelihood levels stacked up vertically (y-axis). The largest value of each of these is used to calculate the maximum Risk Score.
For example, if the highest Risk Consequence and Risk Likelihood values are set to “10” and addition is selected, the highest Risk Score will have to be “20”; if multiplication is selected, the highest Risk Score will have to be set to “100”.
The Risk Matrix in a Change Control Record
The risk consequences and likelihoods created in this section are selectable from a dropdown menu in the Change Control forms; the system calculates the Risk Score by adding or multiplying them.
Both the risk consequences and risk likelihoods should be set in bands, spreading the scores across the range of risks. The names, scores and colour of each band can be edited and previewed until the desired matrix is accomplished.
To configure Risk Consequence Scores and Risk Risk Likelihood Scores:
To configure the Risk Score, the same steps apply but some calculation is required:
When the parameters have been edited, the risk matrix can be redrawn by clicking the 🔄refresh button above it, on the right.
IF ALL BANDS ARE DELETED FROM THE CONSEQUENCE AND LIKELIHOOD SECTIONS, NO RISK SECTION APPEARS IN THE CHANGE CONTROL FORMS.
NEXT STEP:
The following article describes the two methods of Submitting A New Change Control Request.
PREVIOUS STEP:
Click this link to return to the other Change Control Settings & Permissions.