- Risk Mgmt Setup

Change Control - Risk Management Setup

Risk Assessment Settings

Every Organisational Unit can have it’s own Risk Assessment matrix, based on a customisable set of ‘Risk Consequences’ and ‘Risk Likelihoods’. The matrix is added to every new Change Control request, where Risk Scores are then calculated by either adding or multiplying (according to user preferences) the consequence and likelihood values selected.

To access the Risk Assessments setup page for a given OU:

  1. Navigate to Administration > Settings > Organisational Unit Preferences
  2. Select the relevant OU from the dropdown menu, Organisational Unit
  3. Click in the Risk Assessment Settings row to open that tab

The page that opens has some basic settings in the top section, a middle section to enter all the parameters and a bottom section where you can preview what the risk matrix will look like.

The names, ‘Risk Consequence’ and ‘Risk Likelihood’ can be changed as required in the fields provided.

Please note that the terms, Risk Impact and Risk Mitigation are used in other fields.

The Risk Score calculation method can be adjusted by clicking the field, Select how risk consequences and likelihoods are used to calculate the risk score.
The choices are addition or multiplication.

The Save button must be clicked before navigating away from the page or changes will be lost.
Any changes made will only apply to new change control records. A snapshot of the risk matrix is taken when the record is created so the matrix can’t be changed on an existing change control record.

Editing a Risk Matrix

Default labels and values are provided for each OU to have a starting point in case any Change Control requests are created before the risk assessment settings are configured. These can be edited to suit the requirements of each department.

The risk matrix consists of a set of Risk Consequence levels laid out horizontally (x-axis) against a set of Risk Likelihood levels stacked up vertically (y-axis). The largest value of each of these is used to calculate the maximum Risk Score.
For example, if the highest Risk Consequence and Risk Likelihood values are set to “10” and addition is selected, the highest Risk Score will have to be “20”; if multiplication is selected, the highest Risk Score will have to be set to “100”.

The Risk Matrix in a Change Control Record
The risk consequences and likelihoods created in this section are selectable from a dropdown menu in the Change Control forms; the system calculates the Risk Score by adding or multiplying them.

Both the risk consequences and risk likelihoods should be set in bands, spreading the scores across the range of risks. The names, scores and colour of each band can be edited and previewed until the desired matrix is accomplished.

To configure Risk Consequence Scores and Risk Risk Likelihood Scores:

  1. Click the appropriate button (Configure Risk Consequences or Configure Risk Likelihoods)
  2. In the lightbox that opens, click, [+]Add Risk Consequences or [+]Add Risk Likelihoods to add a new item in the corresponding section (the area expands to provide extra fields)
  3. Enter a Name in the field provided
  4. Enter a Maximum Score in the next field
  5. Select a Colour from the dropdown menu supplied
  6. Click Create Risk Consequences/Create Risk Likelihoods to complete the creation of a new item (the area collapses again)
  7. To edit any field, click the (edit) pencil icon in the Actions column (the area expands again to provide the same fields as above)
  8. To delete any item, click the (delete) trash/bin icon in the Actions column

To configure the Risk Score, the same steps apply but some calculation is required:

  • The scores must take the type of operation (addition or multiplication) into account.
  • The highest risk score should equal the product (either by adding or multiplying) of the highest likelihood score and the highest consequence score.
  • If the product is higher than the maximum risk score, a top right portion of cells in the risk matrix will not have values (N/A).
    To illustrate, the matrix below uses multiplication and has highest consequence and likelihood scores of “5”. The highest risk score has been set to “10” (where it should have been “25”):
  • If the product is lower than the maximum risk score, not all the risk levels will make it into the matrix.
    The matrix below uses addition and has highest consequence and likelihood scores of “5”. The highest risk score has been set to “25” (where it should have been “10”):

When the parameters have been edited, the risk matrix can be redrawn by clicking the 🔄refresh button above it, on the right.

IF ALL BANDS ARE DELETED FROM THE CONSEQUENCE AND LIKELIHOOD SECTIONS, NO RISK SECTION APPEARS IN THE CHANGE CONTROL FORMS.

NEXT STEP:
The following article describes the two methods of Submitting A New Change Control Request.
PREVIOUS STEP:
Click this link to return to the other Change Control Settings & Permissions.