Not all industry-defined standard controls and questionnaires are applicable when running periodic assessments. You may have to analyze the controls that are already enforced, or the applicable controls that the organization plans to implement, to minimize the risks to an acceptable level. You can recommend appropriate controls based on the results of the risk assessment process. When certain controls are unfit for mitigating a risk, users can secure their domain by mapping extra controls to that risk.
To map a control:
- Display the details of an assessment. You can either:
  - Navigate to Assessments > Assessments, select the desired assessment, and click Details.
  - In the Enterprise Risk Manager application, navigate to Assessments > Programs, select the program containing the desired assessment, select the assessment, and click Details.
- Display the controls section from the risk management page. You can either:
  - Click a desired risk to see the details and click Controls to open the section.
  - Select one of the risks and choose Control Analysis from the more actions pull-down list.
- To map a control to the risk, click New Control Mapping. The Select one or more controls dialog appears.
- Select the appropriate controls from the program controls tree and click OK. The new control map is added to the risk.