Visualize your risks using Impero Risk Module

Add a control to your risk

To add a control to your risk click on “Risk Center” in the menu. Click on risk map and find the risk you wish to add a control to. Choose a likelihood for the risk (low, medium, high), and add a comment (optional). There are now three different options: Add a control from Impero: To add a control from Impero click “Add control” and find your control under the tab “Add a control from Impero”. Select a risk coverage of the control and click “OK”. If there are several controls to mitigate the same risk, the procedure is repeated. Click “Save” to add the mitigating control to your risk. External Control: To add an external control click “Add control” and find your control under the tab “Add an external control”, or click “Create new external control”. Provide the external control with a name, description, responsible, frequency and, risk coverage and click “OK”. If there are several controls to mitigate the same risk, the procedure is repeated. Click “Save” to add the mitigating control to your risk. N/A: If the risk is not relevant, you can mark it as not applicable by check the box “Not applicable” and click “Save”.

Add a risk map

To add a risk map click on “Risk center” in the left menu. Then click on “Add a risk map” under the Risk Maps tab. Provide a name and description and click “Next”.

You can now design your risk map with processes, sub-processes, control objectives and risks. Processes and control objectives both consist of a name and a description.

When your processes, sub-processes and control objectives has been created it is time to add risks to the risk map. A risk consist of a name and description, risk impact (low, medium, high), financial statement assertions (completeness, valuation or allocation, existence or occurrence, presentation and disclosure, rights and obligations) and objectives (strategic, operations, reporting, compliance). All these elements help you define the risks you company is facing.

When you are done click “Save risk map”.

 

Add an entity

Entities are created to allocate different part of the risk map to different entities. The risk map is the overview of the entire organization, but no all entities have the all risks. Some entities might not have a sales or production department i.e.

To add an entity click on “Risk center” in the left menu. Then click on “Add an entity” under the entities tab. Provide a name and description and click, and give users access with either responsible, edit/view, or view. Click “Save” to save your entity.

Assign entities to your risk map

To assign entities to your risk map, click on “Risk Center” in the menu. Click on the risk map tab, and click on the three grey dots next to the risk map you wish to assign entities to, then click “Assign entities”.

You can assign entities to the entire risk map or to a specific part of the risk map, if the entity only have a set of the organizations processes.

Click “Save risk map” to assign the entities to your risk map.

 

Delete entity

To delete an entity, click on “Risk Center” in the menu. Then click on the three grey dots next to the specific entity and select “Delete entity”. Click on “Ok” to delete the entity.

Edit entity

To edit an entity, click on “Risk Center” in the menu. Then click on the three grey dots next to the specific entity, and selecting “Edit”. Make the changes, and click on “Save” to save the changes.

Edit your risk map

To edit a risk map, click on “Risk Center” in the menu. Then click on the risk map tab. Click on the three grey dots next to the risk map you wish to edit.

If you wish to edit process, sub-process, control objectives, or risks click on the little black arrow in the upper left corner next to the title of your risk map.

Make the changes, and click on “Save risk map” to save the changes.

Manage access rights for your risk map

To manage the risk map access rights, click on “Risk center” in the left menu and click the Risk Maps tab. Then click on the three grey dots next to the risk map you wish to manage the access rights for.

Access is granted from risk map level. You can grant access individually on all risk maps, thereby securing that only relevant users are granted access to view all processes, sub-processes, control objectives, and risks assigned to the risk map.

There are three types of access rights, “Responsible”, “Edit/View” and “View”.

Responsible:

The user assigned as “Responsible” will be responsible for the risk map. This is typically the creator of the risk map.

Edit/View:

All users assigned with “Edit/View” access will be able to manage the risk map. This means creating, editing, and deleting processes, sub-processes, control objectives, and risks, within the risk map.

View:

Users with “View” access will be able to monitor the risk map. A “View” access also grants the user access to view everything assigned to the risk map. “View” access is typically used for internal and external auditors.