Control System Ongoing Improvement
Malfunctions identified via permanent operation monitoring or during periodic reviews are referenced and analyzed. Corrective actions are then planned and implemented.
• Malfunction identification
The malfunctions to be examined are identified using a number of available sources: the initial remediation plan, feedback on risk remediation and incidents in installed control systems, and periodic reviews by operational management.
• Malfunction analysis
Malfunctions are studied to deduce risks faced by the organization. These are then analyzed as previously discussed by determining risk factors with the possible help of a cause-and-effect diagram.
• Risk treatment implementation
When the risk treatment actions to be undertaken, the control data storage requirement, and the risk measurement indicators to be implemented have been determined, an action plan including the necessary resources, budgets, deadlines and implementation managers is defined.
• Risk treatment action plan monitoring
The frequency and terms of risk treatment plan monitoring are established.
The
HOPEX repository enables the definition of controls carried out during enterprise business process execution, and the specification of which organizational, IT or human resources will implement them (see
"Risk Treatment and Controls", page 43).
HOPEXalso allows you to describe procedures for feedback of information from the controls carried out during enterprise business process execution (see HOPEX Business Process Analysis of the MEGA modeling suite).
+ In the
HOPEX Control and Risk product, a
Redundancy tab is used to specify that certain controls are redundant. Use the accounting option tab if necessary to reuse information that was defined in this tab to integrate it in the
Scope of the control. To activate the accounting option, see
"Managing Options Relating to Risks", page 5.