Risk Treatment

Selecting the most appropriate treatment for higher priority risks involves balancing the costs and efforts of implementation against the benefits derived, and any legal or regulatory compliance requirements. Risks that are deemed unacceptably high need further controls and treatment plans.

Remedial Controls

Remedial Controls

Evaluate risks to determine whether the risks are acceptable (to be monitored and periodically reviewed) or unacceptable (and to be further controlled). Specify how the risk will be handled (e.g. treat, terminate, tolerate, transfer) by selecting from a configurable drop-down list. Define mitigation controls by referencing the COSO Internal Controls framework. Monitor effectiveness of internal controls that have been put in place and check whether a specific control was tested and now requires a remedial action plan.

Treatment plans

Treatment plans

Specify remedial actions, with deadline date, to mitigate or reduce the impact of certain risks. Assign to an owner and track progress to completion as key milestones are achieved.
Create a pre-defined schedule for re-assessing risks, with due dates for completion. Proactively manage reviews with email reminders to owners when a risk is due for re-assessment, saving massive time and effort checking progress. Notify risk owners with email alerts when risk scores or RAG status changes (e.g. green to red) as a result of a re-assessment.