# Management Risk Control Matrix
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | ---- | ----------------------------- | ------------------------------------------------------------ | ---- | ---- | ---- | ----- | ------------------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- | ------------------------------------------------------------ |
| 1 | CEO | Operational Risk (Management) | The business operations are not planned appropriately (risks, chances, resources, ...). | | | | | Preventing (Manual) | Annual budget process as described in the finance process. | | | | | yes | yes | |
| 2 | CEO | Operational Risk (Management) | Critical information is not appropriately shared in the company. | | | | | Preventing (Manual) | Regular meetings such as executive committee meetings, head of department meetings and department meetings. Publicly available organization structure and processes which clearly communicate tasks and responsibilities. Annual employee evaluations for additional information sharing. | | | | | yes | yes | |
| 3 | CEO | Operational Risk (Management) | Insufficient resources (incl. HR) | | | | | Preventing & Revealing (Manual) | Resources are checked in various meetings, the budget process and during the annual employee evaluation. | | | | | yes | yes | |
| 4 | CEO | Operational Risk (Management) | Insufficient HR competencies | | | | | Preventing & Revealing (Manual) | HR competencies are evaluated in the hiring process and annual employee evaluations. The employee training is performed during the onboarding process and after identifying deficiencies during the annual employee evaluations. | | | | | yes | yes | |
| 5 | CEO | Operational Risk (Management) | Tasks and responsibilities are not clearly defined. | | | | | Preventing (Manual) | The leadership and responsibilities of the organization are defined in the Organigram. Additionally, responsibilities are also defined in the processes, risk control matrices, Document Owners and individual contracts. | | | | | yes | yes | |
| 6 | CEO | Operational Risk (Management) | Risks are not identified and/or prevented. | | | | | Revealing (Manual) | Various controlling mechanisms are implemented to ensure the organization operates towards its goals while considering risks and benefits. | | | | | yes | yes | [Internal audits](./Quality%20Management/Internal%20Quality%20Management%20Audit%20Form.md)<br>[Risk Management](./COSO/Risk%20Management)<br>Process Risk Control Matrices<br>[Whistleblower System](../Policies%20&%20Guidelines/Whistleblower%20System.md)<br>Executive Committee Meeting<br>[Regular meetings](./Management/Information%20Flow.md)<br>Checklists as described in the processes<br>External audits<br>Monthly financial reporting<br>Quality control |
## Abbreviations
* R: Responsible
* L: Likelihood (1-5)
* C: Consequence (1-5)
* L\*/C\*: Likelihood and Consequence after mitigation
* F: Frequency (many times a day, daily, weekly, monthly, annually)
* ES: Effective
* EY: Efficient

2022-01-01 - Version 1.0