To edit and manage your Risk Control Matrix, navigate to the ‘Audits’ page and access the kebab menu icon and click “Revise RCM.” Here you will be able to download a template, edit the details of your RCM, and upload the template into FloQast.
Download RCM: The first screen you will see will say, “Download RCM.” This will allow you to download the RCM template from FloQast. This template will contain separate tabs where you can manage your list of processes, risks, and controls.
Updating the RCM: Once you have the RCM template open, you will be able to make any changes or additions to your RCM. The first tab will contain all of your Risks, and the second tab will contain all of your Controls.
You can change the following fields for the below Risk attributes (*denotes a required field):
- Risk Title: Risk Short Description (50 character limit)
- Risk Description*: Full length risk description
- Category*: Financial, Operational, Strategic, Regulatory, Governance
- Impact*: Very Low, Low, Moderate, High, Critical
- Likelihood*: Very Unlikely, Unlikely, Possible, Likely, Very Likely
- Risk Tolerance*: Low, Moderate, High
- Assertions: Existence or Occurrence, Completeness, Valuation or Allocation, Rights and Obligation, Presentation and Disclosure
You can change the following fields for the below Control Attributes (*denotes a required field):
- Control Title: Risk Short Description (50 character limit)
- Control Description*: Full length risk description
- Frequency*: Daily, Weekly, Every 2 weeks, Twice per month, Monthly, Quarterly, Annual, As needed, Custom
- Nature*: Preventative, Detective, Corrective
- Method*: Manual, Automated
- Impact*: Key-Control, Non-key
- Assertions: Existence or Occurrence, Completeness, Valuation or Allocation, Rights and Obligation, Presentation and Disclosure
- Primary and Secondary Control Owners: Populate using users’ FloQast login email
IMPORTANT: When making changes to your template, there are some essential things to keep in mind:
- Please do not remove/add any columns or tabs to the template.
- If you would like to add a brand new Risk or Control, you may fill in the appropriate required columns. Please be sure to match the format of the existing items when adding something new.
- If you would like to remove an existing Risk or Control, you may delete the entire row that the items appears in. (If you remove a Control from the template, it will still exist in the Controls Library)
- Please re-upload your entire template (not just the items you are editing) with no filters applied. Deleting a row indicates that you'd like to remove the item from your RCM.
- The file will export to .xlsx format and should be re-uploaded in .xlsx. Uploading a .csv could return an error for you.
Select File and Validate: Once all updates to the template have been made, you can import your RCM into FloQast and begin the validation process by clicking ‘Validate.’ This validation process will ensure no duplicate controls, risks, or processes are being added, as well as validate you are not mapping risks to nonexistent controls.
Confirm Import: Once FloQast validates your file, it will summarize the validation details (processes, number of risks, and number of controls identified). You can review these details and “Confirm Import.” Once confirmed, the updated details of the RCM will be loaded, and FloQast will confirm that the import was successful. You will then have the option to view your updated RCM.
