Verifying Controls and Leveraging Automation
Details how critical control effectiveness is verified (often using custom forms in the Inspections & Audits module), how outcomes are processed in CCM, and the role of automation.
Purpose
Once critical controls are identified, their effectiveness needs regular verification. The CCMS module logs these verifications and can automate responses and workflows to streamline your CCM program.
1. Verifying Critical Control Effectiveness
Verification checks if critical controls are in place and working as intended. "Critical Control Verification" records are used to log these activities and their outcomes.
- How Verification Outcomes are Handled:
Verification activities, such as checks, tests, and audits, are crucial for ensuring Critical Controls are effective. These activities are often conducted and documented using custom forms specifically designed for this purpose within the Inspections & Audits module (e.g., a "Critical Control XYZ Verification Checklist"). Whether the verification is done via a detailed form in the Inspections & Audits module, a simpler manual check, or an automated data feed, the myosh CCM module is primarily concerned with the outcome (e.g., Pass/Fail, Effective/Ineffective) of this verification.
- On Fail:
- The linked "Controls" record status can be updated (e.g., to "Not Effective"). This will be reflected on the Bowtie.
- A "Critical Control Verification" record is created (manually or via a Rules Engine automation) documenting the failure.
- Email notifications can be sent if a verification record indicates "Fail" and is "Completed."
- Corrective actions can be manually linked or automatically generated (depending on broader configuration) from the "Critical Risk Assessment" or "Controls" record.
- On Pass:
- A "Critical Control Verification" record is created, documenting the success.
- The "Controls" record status might be updated to "Effective."
- On Fail:
- "Critical Control Verification" Record:
This form primarily logs:
- Which Critical Control was verified.
- The Verification Date and who Verified by.
- The Pass/Fail outcome – this is crucial for triggering other processes.
- Comments for observations.
- It has a simple workflow (e.g., "Draft," "Completed").
2. Automation of Your CCM Processes
The CCM module uses automation (configured by administrators) to make your CCM program more efficient and responsive.
- Key Automation Capabilities:
- Automatic Status Updates:
- A "Controls" record status (e.g., "Not Effective") can automatically update the visual on a Bowtie.
- A "Critical Risk Assessment/MUE" record can automatically change status (e.g., to "Control Issues") if a linked Critical Control becomes "Not Effective."
- Notifications and Alerts:
- Emails can be sent when a "Critical Risk Assessment" is pending approval or if an MUE becomes uncontrolled (due to control failure).
- Emails can be sent if a "Critical Control Verification" results in a "Fail."
- Action Management:
- While corrective actions can be manually linked, your administrator can configure the Rules Engine to automatically generate actions in the Actions Module if a control fails verification.
- Workflow Management:
- Defined workflows for "Critical Risk Assessment" and "Controls" records ensure they are reviewed and approved by the right people, with automated notifications at each step.
- Automatic Status Updates:
These automations help ensure that issues are flagged, risks are dynamically reassessed, and necessary actions are initiated promptly.
Version: 1
Visualising and Analysing Risks with Bowtie Diagrams
How to use interactive Bowtie diagrams to visualise MUEs, causes, consequences, and controls, including the use of AI-assisted Bowtie creation and analysis.
Reporting and Configuration
Information for administrators on configuring the CCM module to organisational needs and leveraging CCM data for reporting and dashboards.