Dennis Eichhorn 2022-11-30 21:29:15 +01:00
parent 09e19f4ee6
commit b9e539946d
12 changed files with 29 additions and 29 deletions

View File

@ -1,6 +1,6 @@
# Development Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | ----------------- | ------------------------------ | ------------------------------------------------------------ | ---- | ---- | ----------------- | ----------------------------- | ---------------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | ------------------------------------------------------------ | ---- | ---- | --------- |
| 1 | CTO | Operational Risk (Development) | Unauthorized source code and development asset access. | 1 | 1 | Many times a day | Unmanaged access permissions. | Preventing (System & Manual) | Only authorized people gain access to confidential source code and development assets. | 1 | 1 | | Not all source code and development assets are considered confidential and may be publicly accessible. The confidential aspects are determined by the CTO. | yes | yes | |
| 2 | CTO | Operational Risk (Development) | Undefined terms of intellectual property for code contributions. | 1 | 3 | Many times a day | | Preventing (Manual) | The terms of intellectual property for all contributions are well defined. | 1 | 1 | | | yes | yes | |
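Review bot: the O to F rename in this header changes only the label; the cell values ("Many times a day") and the separator row are untouched, so make sure the Risk Register template that the department matrices copy from is updated in the same commit, otherwise the two header rows drift apart. Row 2 also carries an empty Cause cell next to a Preventing mitigation; that is not introduced here, but it is worth filling in while the table is being edited.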
@ -23,12 +23,12 @@
* L\*/C\*: Likelihood and Consequence after mitigation
* O: Occurrence (many times a day, daily, weekly, monthly, annually)
* F: Frequency (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient
2022-01-01 - Version 1.0
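Review bot: the version line "2022-01-01 - Version 1.0" is left unchanged in this hunk although both the legend and the table header of this file change; for a controlled document the version and date should be bumped together with the relabel, and the same applies to the legend hunk of every other matrix in this commit.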

View File

@ -1,6 +1,6 @@
# Purchase Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | -------------------------------------- | --------------------------- | ------------------------------------------------------------ | ---- | ---- | ---------------- | ----- | ---------------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- | --------- |
| 1 | Employee | Operational Risk (Purchase) | Purchasing not the optimal investment product due to no market research. *"Optimal" includes product/service quality, vendor reliability, price, ...* | 1 | 1 | Many times a day | | Preventing (Manual) | Compare products and vendors | 1 | 1 | | | yes | yes | |
| 2 | See purchase approval table | Operational Risk (Purchase) | Unauthorized purchase (budget risks, fraud, compliance, ...) | 1 | 1 | Many times a day | | Preventing (Manual) | Authorize purchases according to the purchase approval table. This functions as control and separation of responsibilities. | 1 | 1 | | | yes | yes | |
@ -30,12 +30,12 @@
* L\*/C\*: Likelihood and Consequence after mitigation
* O: Occurrence (many times a day, daily, weekly, monthly, annually)
* F: Frequency (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient
2022-01-01 - Version 1.0

View File

@ -1,6 +1,6 @@
# Sales Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | ------------------------------- | --------------------------- | ------------------------------------------------------------ | ---- | ---- | ---------------- | ----- | ---------------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | ------------------------------------------------------------ | ---- | ---- | --------- |
| 1 | Sales | Operational Risk (Sales) | Invalid offer | 1 | 1 | Many times a day | | Preventing (System) | Use default offers. | 1 | 1 | | | yes | yes | |
| 2 | Sales | Operational Risk (Sales) | No flexibility in case of none-standard customer requests. | 1 | 1 | Many times a day | | Preventing (Manual) | Custom offers for customers. | 1 | 1 | | | yes | yes | |
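Review bot: "none-standard" in the row 2 context line should read "non-standard"; it sits outside the changed line, but the same table is being edited, so fix it here rather than in a separate commit.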
@ -37,12 +37,12 @@
* L\*/C\*: Likelihood and Consequence after mitigation
* O: Occurrence (many times a day, daily, weekly, monthly, annually)
* F: Frequency (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient
2022-01-01 - Version 1.0

View File

@ -1,6 +1,6 @@
# Support & Service Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | ---- | ------------------------------------ | ------------------------------------------------------------ | ---- | ---- | ---------------- | ----- | ------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- | --------- |
| 1 | CTO | Operational Risk (Support & Service) | No legal basis for accessing customer data during customer support & service. | 1 | 1 | Daily | | Preventing (Manual) | Every customer must sign the Customer Data Protection Policy before they can receive support & service | 1 | 1 | | | yes | yes | |
| 2 | CTO | Operational Risk (Support & Service) | No legal protection regarding liabilities and responsibilities during customer support & service. | 1 | 1 | Daily | | Preventing (Manual) | Every customer must sign the Customer Service Agreement before they can receive support & service | 1 | 1 | | | yes | yes | |
@ -30,13 +30,13 @@
* L\*/C\*: Likelihood and Consequence after mitigation
* O: Occurrence (many times a day, daily, weekly, monthly, annually)
* F: Frequency (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient
2022-01-01 - Version 1.0

View File

@ -1,6 +1,6 @@
# HR Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | ---- | --------------------- | ------------------------------------------------------------ | ---- | ---- | ---- | ----- | --------------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- | --------- |
| 1 | DHR | Operational Risk (HR) | Unauthorized search for new employees. | 1 | 1 | | | Preventing (Manual) | Only selected people can authorize the employee search. | 1 | 1 | | | yes | yes | |
| 2 | DHR | Operational Risk (HR) | Job postings are not posted according to the legal requirements. | 1 | 1 | | | Preventing (Manual) | Job postings must be posted internally and at the agency for labor. | 1 | 1 | | | yes | yes | |
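Review bot: the renamed F column is empty in rows 1 and 2 of this table while L, C, L* and C* are filled in, so the relabel here applies to data that was never captured; either populate the frequency for these HR risks or record why it is not applicable, otherwise the column reads as an omission.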
@ -46,12 +46,12 @@
* L\*/C\*: Likelihood and Consequence after mitigation
* O: Occurrence (many times a day, daily, weekly, monthly, annually)
* F: Frequency (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient
2022-01-01 - Version 1.0

View File

@ -1,6 +1,6 @@
# Finance Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | ---- | -------------------------- | ------------------------------------------------------------ | ---- | ---- | ---- | ------------------------------------------------------------ | --------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- | --------- |
| 1 | CFO | Operational Risk (Finance) | The company doesn't have a budget as a basis for their operations. | 1 | 1 | | | | The deadline for the budget finalization is defined with enough time until the new business year starts. | 1 | 1 | | | yes | yes | |
| 2 | CFO | Operational Risk (Finance) | The budget is not approved/reviewed. | 1 | 1 | | | | The budget must be approved by the management. | 1 | 1 | | | yes | yes | |
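Review bot: rows 1 and 2 have empty F and empty Mitigation Type cells although each carries a mitigation strategy; the column rename does not change that, but the Mitigation Type should be classified (Preventing or Revealing, System or Manual, as the other matrices in this commit do) while this file is open.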
@ -24,12 +24,12 @@
* L\*/C\*: Likelihood and Consequence after mitigation
* O: Occurrence (many times a day, daily, weekly, monthly, annually)
* F: Frequency (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient
2022-01-01 - Version 1.0firefod
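Review bot: the context line "2022-01-01 - Version 1.0firefod" carries the stray characters "firefod" after the version string; it is an unchanged context line, so this predates the commit, but it should be cleaned up to "2022-01-01 - Version 1.0" and the version bumped, since the document is changing anyway.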

View File

@ -1,6 +1,6 @@
# Management Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | ---- | ----------------------------- | ------------------------------------------------------------ | ---- | ---- | ---- | ----- | ------------------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- | ------------------------------------------------------------ |
| 1 | CEO | Operational Risk (Management) | The business operations are not planned appropriately (risks, chances, resources, ...). | | | | | Preventing (Manual) | Annual budget process as described in the finance process. | | | | | yes | yes | |
| 2 | CEO | Operational Risk (Management) | Critical information are not appropriately shared in the company. | | | | | Preventing (Manual) | Regular meetings such as executive committee meetings, head of department meetings and department meetings. Publicly available organization structure and processes which clearly communicate tasks and responsibilites. Annual employee evaluations for additional information sharing. | | | | | yes | yes | |
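Review bot: "responsibilites" in the row 2 context line should read "responsibilities", and "Critical information are" should read "Critical information is"; rows 1 and 2 also have no L, C, F, L* or C* values, so the F relabel in this matrix applies to empty cells only and the two management risks remain unrated.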
@ -19,13 +19,13 @@
* L\*/C\*: Likelihood and Consequence after mitigation
* O: Occurrence (many times a day, daily, weekly, monthly, annually)
* F: Frequency (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient
2022-01-01 - Version 1.0

View File

@ -1,6 +1,6 @@
# Quality Management Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | --------------------- | ------------------------------------- | ------------------------------------------------------------ | ---- | ---- | ---- | ----- | ------------------ | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- | --------- |
| 1 | Internal auditor, DQM | Operational Risk (Quality Management) | Processes are not correctly implemented, no longer up-to-date or insufficient. | | | | | Revealing (Manual) | Every department is audited at least once a quarter by internal auditors. | | | | | | | |
| 2 | Quality Management | Operational Risk (Quality Management) | The products and services contain insufficiencies which are not detected during the regular development controls and checks. | | | | | Revealing (Manual) | The software, documentation and services are manually tested like a normal customer/user would use them. | | | | | | | |
@ -16,13 +16,13 @@
* L\*/C\*: Likelihood and Consequence after mitigation
* O: Occurrence (many times a day, daily, weekly, monthly, annually)
* F: Frequency (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient
2022-01-01 - Version 1.0

View File

@ -1,6 +1,6 @@
# IT Risk Control Matrix
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | -------------------- | --------------------- | ------------------------------------------------------------ | ---- | ---- | ------ | ----- | ------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- | --------- |
| 1 | CTO | Operational Risk (IT) | Data loss | | | Daily | | Preventing (System) | Automatic daily local backups | | | | | | | |
| 2 | CTO | Operational Risk (IT) | Data loss | | | Daily | | Preventing (System) | Automatic daily backups to external/remote service providers | | | | | | | |
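Review bot: rows 1 and 2 are both titled "Data loss" with F = Daily but no L, C, L*, C*, ES or EY values, so after this relabel the frequency is the only rating present for the two backup controls; either merge them into one risk with two mitigations (local and external/remote backups) or rate each, because an unrated control cannot be marked effective or efficient in the ES/EY columns.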
@ -20,12 +20,12 @@
* L\*/C\*: Likelihood and Consequence after mitigation
* O: Occurrence (many times a day, daily, weekly, monthly, annually)
* F: Frequency (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient
2022-01-01 - Version 1.0

View File

@ -32,7 +32,7 @@ For details see the [Risk Register](Risk%20Register.md) and the Risk Control Mat
### New risks
| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | ---- | -------- | ---------- | ---- | ---- | ---- | ----- | --------------- | ------------------- | ---- | ---- | ------- | -------- | ---- | ---- | --------- |
| | | | | | | | | | | | | | | | | |
@ -42,7 +42,7 @@ Abbreviations:
* L: Likelihood (1-5)
* C: Consequence (1-5)
* L\*/C\*: Likelihood and Consequence after mitigation
* O: Occurrence (many times a day, daily, weekly, monthly, annually)
* F: Frequency (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient