Managing risks and controls¶
This feature is available in the Enterprise Edition.
This article describes the basic version of the risks and controls feature. An extended feature that allows you to customize risk and control tables and to manage risks and controls in the Dictionary is now available as a beta version. Read more at Managing risks and controls definitions (Beta).
With Signavio’s integrated risk management feature, process modelers can define risks and controls directly at any process step during modeling. These risks and controls can be defined and associated with the corresponding activities. For easy identification, they can also be highlighted in a graphical representation.
Creating custom attributes to manage risks and controls¶
In order to define risks and controls for certain process elements you need to create a custom attribute of the type Risks and controls:
- Go to Setup, then Define notations/attributes in the top drop-down menu of the Signavio Explorer.
The ‘Define notations/attributes’ menu
Click on the desired modeling language/diagram type on the left, then choose the element in the middle column, for example a Task in a Business Process Diagram (BPMN 2.0).
Attention The (un-)checked boxes only define whether the elements are activated for the selected modeling language set or not. You choose language and element by highlighting (clicking) their name.
Click the Add button to add custom attribute of the type Risk and Controls:
Create a custom attribute of the type Risk and Controls for the process element ‘Task’.
- Create such an attribute for all kind of process elements you want to manage risks for.
Now you can continue and define risks and controls in process diagrams.
Defining and managing risks and controls in the diagram¶
To define risks and controls for certain process elements, open the desired diagram and select the process element you want to manage the risks for.
If not open already, open the attribute drawer on the right.
Then select the attribute that was created to manage risks and controls, for example Risks and controls:
Select a task and open the risk table.
Now you see a table like this (the table can be customized on request, see below):
Create a new risk.
Click the plus symbol to add a new risk and fill in the fields:
Name te risk and fill out the other fields
When selecting the Controls field, a second table will pop up. In this table you can fill in one or multiple controls for the corresponding risk:
Adding a new control and assigning it to the risk
The following lists explain the attributes of the default risk and controls tables:
- Risk: Descriptive label of the risk entry, e.g. ‘Contract contains wrong numbers’
- Controls: Table with control measures for the risk, see below
- Cause: Brief description of the cause of the risk, e.g. ‘Miscalculation’
- Consequence: Brief description of the risk’s consequence ‘Financial damage due to incorrect contract terms’
- Risk probability (without controls): Assessment of the chance that the uncontrolled risk occurs, e.g. ‘High’
- Extent of damage (without controls): Assessment of the occurring damage, given that the uncontrolled risk occurs, e.g. ‘High’
- Risk probability (residual risk): Assessment of the chance that the controlled risk occurs, e.g. ‘Low’
- Extent of damage (residual risk): Assessment of the occurring damage, given that the controlled risk occurs, e.g. ‘High’
Control: Descriptive label of the control, e.g. ‘Review terms and corresponding calculation’
Control aim: Brief description of the control aim, e.g. ‘Prevent miscalculations’
Type of control: Categorization of the type of control, e.g.’Review’
Documentation: A detailed description of how to perform the control
Responsible: The person or role in charge of the control, e.g. ‘Sales Manager’
Control frequency: The frequency of control performance, e.g. relative to process runs: ‘100%’
Status: The implementation status of the control, e.g. ‘As-Is’
When you finished defining risks and controls click Apply to go back to the diagram itself. Please make sure to safe the diagram before you close the tab.
To gain an overview over the risks you can now click the risk and control button in the top panel:
Display risks and highlight uncovered risks with a red fire icon.
Displaying risks and controls in the Collaboration Hub¶
In order to display risks and controls in the Collaboration Hub, open the Collaboration Hub and go to Overlays - Risks and Controls in the Diagram tab:
Elements to which risks have been assigned will now be highlighted.
If there is no control assigned to a existing risk, you will see the red Fire icon. Otherwise, the green Checked symbol will be displayed.
To display details of a risk, select the corresponding element:
Display risk details. To expand/collapse details click the plus/minus symbol.
Creating risks and control reports¶
Signavio enables you to create XLS risks and control reports. You find more information at Generating risks management reports.
Customize the risks and controls tables¶
Signavio offers customization of the risks and controls tables.
In order to implement such a customization, we need the following data for each column in the risks and the controls table:
- Name (heading)
- Default content and/or drop-down values, if necessary. Note: You can define default values for drop-down boxes.
- The type of content (multi-line text, number, Boolean or drop-down box)
In case you want to use customized risks and controls tables, you can order a customized risks and controls feature through our support team. For this, or i you have further questions, please contact our support team at:
Phone: +49 (0) 30-856 21 54-21