Specification of actions to be implemented
Management draws up a set of actions matching risk levels with risk tolerance level and risk appetite for the organization.
For each risk, the selected scenario is described in detail, with the various risk factors and the controls implemented to counter them highlighted. Also specify which controls are installed to warn of risks, as well as the curative business processes to be implemented if the risks occur.
In the case of transfer to partners or assurance, we can specify contracts to be agreed with them, as well as the predicted impact on organization processes.
Implementation of prevention controls to reduce risk frequency and impact can be a solution for risk reduction.
To indicate the Controls and Action Plans enabling risk prevention:
In the Treatment property page of a risk, expand the Controls and Action Plans section.• The Action Plans tab contains the list of action plans installed: for example for creation or improvement of a control, management of a crisis linked to occurrence of an incident, or revision of a process with a view to its improvement. See Implementing Action Plans.
An action plan comprises a series of actions, its objective being to reduce risks and events that have a negative impact on company activities. A control is a set of rules and means enabling the assurance that a legal, regulatory, internal or strategic requirement is respected.