Specifying Actions to be Implemented
Management draws up a set of actions that align risk levels with the organization's risk tolerance level and risk appetite.
For each risk, the selected scenario is described in detail, highlighting the various risk factors and the controls implemented to counter them. Also specified are the controls put in place to warn of risks, as well as the corrective procedures to be implemented if the risks occur.
In the case of transfer to partners or insurers, we can specify the contracts to be agreed with them, as well as the predicted impact on the organization's processes.
Implementing prevention controls that reduce the frequency and impact of a risk can be a solution for risk reduction.
To indicate the controls and action plans enabling risk prevention:
*In the Remediation tab of the risk properties page, expand the Controls and Action Plans section.
The Action Plans tab lists the action plans in place, for example to create or improve a control, to manage a crisis linked to the occurrence of an incident, or to revise a process with a view to improving it.
*An action plan comprises a series of actions. Its objective is to reduce the risks or events that have a negative impact on enterprise activities, or to improve the efficiency of a process or organization.
The Controls tab lists controls planned for risk reduction.
*A control is a set of rules and means that ensure that a legal, regulatory, internal or strategic requirement is respected.