Accessing controls
You can access controls through lists and trees which allow classification of controls according to different criteria.
Listing Controls
To list all controls:
In the HOPEX IRM desktop, select Libraries > Control Library > All Controls.A drop-down list enables to refine control access and classification according to different criteria:
• Key Controls
Key controls are the controls for which the Key control check box has been selected in the control properties.• Controls with Failed Execution
This list displays controls with an aggregated execution rate lower than 90%. For more details on aggregated execution rate, see Control Dashboard.• Controls with Low Pass Control Level
This list displays controls with an average pass level lower than 85%.
Control level characterizes efficiency level of control elements deployed (controls) to assess the risk.• Risks without Recent Assessment
This list displays controls which have not been assessed for at least 12 months.Accessing Controls by Control Types
To access controls through a tree of control types:
In the HOPEX IRM desktop, select Libraries > Control Library > All Controls > By Taxonomy.A control type allows the classification of controls implemented in a company in accordance with regulatory or domain specific standards (Cobit, etc.).Accessing Controls by Mitigated Risks
To view controls which mitigate (or not) risks:
In the HOPEX IRM desktop, select Libraries > Control Library > All Controls > By Mitigated Risks.A drop-down list enables to distinguish between:
• Controls mitigating risks
• Controls not mitigating Risks
Accessing Controls by Implementation
You can create action plans to implement or modify controls.
To access controls according to their implementation status:
In the HOPEX IRM desktop, select Libraries > Control Library > All Controls > By Implementation.A drop-down list enables you to view:
• controls associated with an action plan.
• controls associated with a delayed action plan.
For each control, columns display:
• If the control is a key control
• The control nature (preventive, corrective)
• The number of implementation action plans
Accessing Controls by Controlled Elements
Trees display controls classifying them by objects the controls apply to:
• processes
• entities
• applications
• accounts
A tree also gives the possibility to view the controls which are not associated to an object.
Accessing Controls by Deficiencies
A drop-down list enables to view controls linked to:
• Open Issues
• Incidents (controls with mitigated and materialized risks)
In the list of controls linked to incidents, the following is displayed in column:
• the number of incidents
• the date of the last incident occurrence
• total net loss