Control effectiveness refers to how well a control reduces or manages a risk. It’s a crucial aspect of risk management, as it is used to determine the efficiency and adequacy of the controls in place. StartRisk takes the identified controls and uses the effectiveness ratings to assess the residual risk level.
StartRisk uses a standardised control effectiveness criteria across all controls. When assessing the control effectiveness reference this table to ensure consistent assessments:
| Effectiveness | Description of Effectiveness |
|---|---|
| No Impact | The control does not address either the Likelihood or Consequence of the risk. |
| Poor | Control is in place. It covers the risk to a limited degree but may not capture all aspects of the risk or all occurrences of the risk. It provides a small level of comfort that the risk is being managed. |
| Fair | Control is in place, adequate, appropriate and effective. It covers the risk partially, typically requires manual processes or human involvement to provide a moderate level of comfort that the risk is being managed. |
| Good | Control is in place, adequate, appropriate and effective. It covers the risk comprehensively and covers most or all of the risk occurrences. It is typically automated and provides a high level of comfort that the risk is being managed. |
| Excellent | Control is in place and is highly tailored, effective and efficient. It covers the risk comprehensively, is typically automated and captures virtually all instances of the risk activity. It provides a very high level of comfort that the risk is being managed. |
When assessing control effectiveness in StartRisk you are required to assess the control effectiveness against the likelihood of a risk and the consequence of a risk separately to differentiate between the impact that the control has against these two aspects of the risk.
Control Effectiveness Rating is a measure indicating how well a control manages or reduces a risk.
Impact on Likelihood the effectiveness of the control in reducing the likelihood of a specific risk occurring.
Impact on Consequence the effectiveness of the control in reducing the consequence of a specific risk if it is to occur.
Imagine a manufacturing company facing the risk of machine operator accidents. The company implements several controls, including safety training, protective equipment, and machine safety guards.
Detailed below are example of the controls you might record in this case and a summary view of the recorded controls in the Risk Editor showing the impact of the controls on the Risk Rating.
Safety Training Control:
Generalised Safety training is a good control as all staff must go through the training on induction. The control would be more effective if the training addressed the operations of specific machines and included assessing competency of the operators.
Protective Equipment Control:
Protective equipment is a good control but there is a human element involved which can result in equipment not being used consistently and correctly.
Machine Safety Guards Control:
Safety guards are an excellent control when well designed and maintained because they should prevent certain machine accidents occurring every time the machine is used, they are specific to the machine and don’t require manual intervention. Safety guards don’t have any impact on consequence however.
Risk Editor Summary View:
