Specification of Actions to be Implemented
Management draws up a set of actions matching risk levels with risk tolerance level and risk appetite for the organization.
For each risk, the selected scenario is described in detail, with the various risk factors and the controls implemented to counter them highlighted. Also specify which controls are installed to warn of risks, as well as the curative business processes to be implemented if the risks occur.
In the case of transfer to partners or assurance, we can specify contracts to be agreed with them, as well as the predicted impact on organization processes.
Implementation of prevention controls to reduce risk frequency and impact can be a solution for risk reduction.
To indicate the Controls and Action Plans enabling risk prevention:
In the
Remediation tab of the risk properties page, expand the
Controls and Action Plans section.
• The
Action Plans tab contains the list of action plans installed: for example for creation or improvement of a control, management of a crisis linked to occurrence of an incident, or revision of a process with a view to its improvement. See
"Implementing Action Plans".
An action plan comprises a series of actions. Its objective is to reduce the risks or events that have a negative impact on enterprise activities, or to improve efficiency of a process or organization.
A control is a set of rules and means enabling the assurance that a legal, regulatory, internal or strategic requirement is respected.