Modeling of controls

Controls reduce the effects of risks by reducing the probability of risk occurrence (preventive control) or by reducing the amount of damage caused by the risk (detective control). Therefore, they can be assigned to risks and also to the functions at which the controls take place. Controls are objects of the Function type. They can be used directly in the control flow, connected to functions via the is carried out at connection, or connected with risks via the is reduced by connection.

Relationships between functions, risks, and controls

Control types

The control type is specified using the attribute Effect of control (Governance, Risk & Compliance (GRC) > Compliance management > Control attributes). Controls can be preventive or detective. If the attribute is not specified, the control is executed but has no preventive or detective effect.

Control execution

Control execution depends on how the control is modeled and configured. An object of the Control type can be used in two ways in the process model. It can be used directly in the control flow or connected to a function via the connection is carried out at. If a control is connected to a function, the control is executed whenever the function is executed, and it influences the associated risk. By default, the control is executed after the function is completed. The Effect of control attribute (Governance, Risk & Compliance (GRC) > Compliance management > Control attributes) influences this behavior. If the option Preventive is enabled, the control is executed before function execution starts. If the option Detective is enabled, the control is executed after function execution has ended. Risks always occur after the function has been carried out. Accordingly, function, risk, and control are carried out in the following order.

Control types

If multiple controls are connected with a function, the controls are executed in parallel. Depending on the control type, this happens before or after function execution. All controls must be completed before the simulation continues to execute further functions. If an object of the Control type is modeled in a control flow, the object is executed like a normal function.

If the risk-based approach is used, controls are usually not modeled in process models but in Business Control diagrams. Since these controls are not directly connected with functions, it is not obvious if and when they are to be executed. For the controls to be taken into account during execution, they must be assigned to a risk that occurs in one of the simulated process models and is assigned to a function.

If a control is not modeled in a process model, it is not executed by default. You can define the execution of such a control by specifying the attribute Control trigger (attribute type group Simulation). For this attribute, you can select the options Function or None.

If you select the option Function, the control is executed whenever the function that is assigned to the risk to which the control is assigned is executed. This corresponds to the behavior of a control that is directly assigned to a function.

If the option None is selected, the control will not be executed. This corresponds to the default behavior of a control that has no occurrence in the process model.

Samples

If the time requirement or cost of controls is too high, they are often not carried out during each execution of the associated function or during each process flow. Instead, samples are carried out. You can define samples using the attribute Execution interval (attribute type group Simulation). The execution interval is an integer that indicates the execution frequency in terms of the number of execution triggers. The default is 1. A value of 1 means that the control is carried out during each execution of the assigned function. A value of 2 means that the control is carried out during every other execution.

The attribute Execution interval is also relevant to functions or controls used in the control flow. These functions are only carried out in the defined interval; otherwise they are ignored. If required, you can combine the execution intervals of functions and assigned controls.

Example

The process consists of the following objects (in the order stated): event, function with detective control, function. The execution interval is specified with 2 for both function and control. The process is passed through five times. In line with the execution intervals, the following process passes occur:

This means that the function is executed with every other process instance and the control is carried out for every other execution of the function, that is, with every fourth process instance.
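The sampling example above (function with execution interval 2, detective control with execution interval 2, five process passes) worked through as an added example; this is a hypothetical model of the described simulation semantics, not the tool's own code, and it assumes that the trigger counter starts at 0, so an interval of 2 fires on the 2nd, 4th, ... trigger, which is what yields "every fourth process instance" for the control.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class IntervalNode:
    """A function or control carrying the Simulation attribute Execution interval.

    interval=1: executed on every trigger; interval=2: on every other trigger; and so on.
    """
    name: str
    interval: int = 1
    triggers: int = 0  # how often this node has been reached so far

    def __post_init__(self) -> None:
        if self.interval < 1:
            raise ValueError(f"{self.name}: execution interval must be a positive integer")

    def fire(self) -> bool:
        """Count one trigger and return True when the node executes on this trigger.

        Assumption: the counter starts at 0, so with interval 2 the node runs on the
        2nd, 4th, ... trigger.
        """
        self.triggers += 1
        return self.triggers % self.interval == 0


def run_process(passes: int, function_interval: int, control_interval: int) -> List[Tuple[int, bool, bool]]:
    """Simulate passes of: event -> function (with a detective control carried out at it) -> function.

    Returns one (process instance, function executed, control executed) tuple per pass.
    The control is only triggered when its function actually executes; a skipped
    function never triggers the control assigned to it.
    """
    function = IntervalNode("Function", function_interval)
    control = IntervalNode("Detective control", control_interval)
    trace = []
    for instance in range(1, passes + 1):
        function_ran = function.fire()
        # A detective control runs after the function has ended, and only if the function ran.
        control_ran = function_ran and control.fire()
        trace.append((instance, function_ran, control_ran))
    return trace


if __name__ == "__main__":
    for instance, f, c in run_process(5, 2, 2):
        print(f"instance {instance}: function={'run' if f else 'skipped'}, "
              f"control={'run' if c else 'skipped'}")
```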

Control effectiveness

Controls cannot always prevent risks from occurring (preventive controls) or reduce the damage caused by risks (detective controls). The degree of this uncertainty is expressed by the effectiveness of a control and can be specified with the attribute Control effectiveness (attribute type group Simulation). The attribute is specified as a floating point number between 0 and 1. The default is 1. Control effectiveness indicates the probability of risk prevention or damage reduction.

Time and resources used for controls

Executing controls can require time and resources, just as executing functions does. If time is used, the attributes indicating the time used must be specified. If resources are used, the corresponding human, technical, or capacity resource must be connected with the control via a simulation-relevant connection type.

Prevent risks using preventive controls

Preventive controls reduce the probability of a risk event occurring. The value by which the probability of risk occurrence is reduced is specified using the function attribute Risk occurrence probability reduction (attribute type group Simulation).

If a preventive control is successful, the probability of occurrence of the assigned risk (risk attribute Probability) is reduced in line with this decimal value. The control must be carried out before the risk occurs. The risk occurrence probability reduction remains active until the end of the process instance that triggered the control.

If multiple preventive controls were successful, the value leading to the highest reduction is used for calculating the probability of occurrence of the assigned risk.

Example

The value 0.8 is specified for Risk occurrence probability and the value 0.25 is specified for Risk occurrence probability reduction. This means that the probability of occurrence is reduced to 0.8 * (1 - 0.25) = 0.6.

Reduce damage by risks with detective controls

Detective controls reduce damages caused by the occurrence of a risk event. The value by which the damages are reduced is specified using the function attribute Risk damage reduction (attribute type group Simulation).

If a detective control is successful, the total damage caused by the risk is reduced in line with this decimal value. The control must be carried out after the risk has occurred. Only damage that occurred within the process instance that triggered the control is reduced. If the same or another control detects the same risk in this process instance again, the reduction applies to both the damage that was previously detected and the damage that was detected later.

Example

The original damage is EUR 1,000. Risk damage reduction is specified with 0.2. The damage is reduced to EUR 1,000 * (1 - 0.2) = EUR 800.
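The preventive and detective calculations above (0.8 * (1 - 0.25) = 0.6 and EUR 1,000 * (1 - 0.2) = EUR 800), combined with Control effectiveness as the success probability and the rule that only the highest reduction counts when several preventive controls succeed, as an added example; this is hypothetical code modeling the described semantics, not the tool's own implementation, and applying a repeated detection to the damage remaining after earlier detections is an assumption about the last sentence of the detective section.

```python
import random
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Control:
    """Control attributes from the Simulation attribute type group (hypothetical model)."""
    name: str
    effect: str                         # "preventive" or "detective" (attribute Effect of control)
    effectiveness: float = 1.0          # Control effectiveness: probability that the control succeeds
    probability_reduction: float = 0.0  # Risk occurrence probability reduction (preventive controls)
    damage_reduction: float = 0.0       # Risk damage reduction (detective controls)


def control_succeeds(control: Control, rng: random.Random) -> bool:
    """One draw per control execution: success with probability Control effectiveness."""
    return rng.random() < control.effectiveness


def effective_risk_probability(base_probability: float, controls: Iterable[Control],
                               rng: Optional[random.Random] = None) -> float:
    """Probability of the risk after the preventive controls executed before it."""
    rng = rng or random.Random()
    reductions: List[float] = [
        c.probability_reduction
        for c in controls
        if c.effect == "preventive" and control_succeeds(c, rng)
    ]
    # Several successful preventive controls: only the highest reduction is applied.
    return base_probability * (1.0 - max(reductions, default=0.0))


def reduced_damage(damage: float, controls: Iterable[Control],
                   rng: Optional[random.Random] = None) -> float:
    """Damage of the risk after the detective controls executed after it occurred."""
    rng = rng or random.Random()
    for c in controls:
        if c.effect == "detective" and control_succeeds(c, rng):
            # Assumption: a later detection reduces the damage remaining after earlier detections.
            damage *= (1.0 - c.damage_reduction)
    return damage


if __name__ == "__main__":
    seeded = random.Random(42)  # constructed seed so the sample run is reproducible
    preventive = Control("Four-eyes check", "preventive", effectiveness=1.0, probability_reduction=0.25)
    detective = Control("Reconciliation", "detective", effectiveness=1.0, damage_reduction=0.2)
    print("risk probability:", effective_risk_probability(0.8, [preventive], seeded))
    print("damage in EUR:", reduced_damage(1000.0, [detective], seeded))
```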

Ignored assignments

Controls are objects of the Function type and can theoretically be connected with risks through the occurs at connection. In semantic terms, this connection does not make sense. If a risk was linked to the control via both a connection of the is reduced by type and of the occurs at type, the risk would occur as a consequence of control execution and, at the same time, the control would reduce the damage caused by the risk. Therefore, connections of type occurs at between risks and controls are ignored during simulation (models B and C), or the control is not executed (model A).

Ignored assignments in model A

Ignored assignments between risks and controls a)

Ignored assignments in model B

Ignored assignments between risks and controls b)

Ignored assignments in model C

Ignored assignments between risks and controls c)