Generally, if you have risks that are outside of appetite you would plan to add additional controls to bring these risks within appetite. Control Status is the mechanism within StartRisk that you can use to track planned controls.
Control Status indicates if controls are actively managing risks ('Implemented') or intended to enhance risk management in the future ('Planned'). The Control Status is set in the Control Editor.
Control Status Selection in Control Editor:
Understanding control status helps in strategic planning, resource allocation, and provides insights into the organisation's current risk profile.
'Implemented' controls are integral to the current risk mitigation efforts and effectiveness assessments. Implemented controls are used when determining the Residual Risk Rating while planned controls are not.
'Planned' controls are crucial for future risk strategies but do not contribute to the current reduction of risk levels. Planned controls are used when determining the Forecast Risk Rating.
Risk Rating in Risk Editor:
Implemented Controls: Controls that are currently active and mitigating risks.
Planned Controls: Controls identified for future implementation to improve risk management.