# Quality Management Risk Control Matrix

| No.  | R                     | Category                              | Risk Event                                                   | L    | C    | F    | Cause | Mitigation Type    | Mitigation Strategy                                          | L*   | C*   | Changes | Comments | ES   | EY   | Evidences |
| ---- | --------------------- | ------------------------------------- | ------------------------------------------------------------ | ---- | ---- | ---- | ----- | ------------------ | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- | --------- |
| 1    | Internal auditor, DQM | Operational Risk (Quality Management) | Processes are not correctly implemented, no longer up-to-date or insufficient. |      |      |      |       | Revealing (Manual) | Every department is audited at least once a quarter by internal auditors. |      |      |         |          |      |      |           |
| 2    | Quality Management    | Operational Risk (Quality Management) | The products and services contain insufficiencies which are not detected during the regular development controls and checks. |      |      |      |       | Revealing (Manual) | The software, documentation and services are manually tested like a normal customer/user would use them. |      |      |         |          |      |      |           |
| 3    | Internal auditor, DQM | Operational Risk (Quality Management) | Processes and related documents are incomplete, incorrect or not correctly approved. |      |      |      |       | Revealing (Manual) | Internal audits and annual checks by the quality management department. |      |      |         |          |      |      |           |

## Abbreviations

* R: Responsible

* L: Likelihood (1-5)

* C: Consequence (1-5)

* L\*/C\*: Likelihood and Consequence after mitigation

* F: Frequency (many times a day, daily, weekly, monthly, annually)

* ES: Effective

* EY: Efficient

2022-01-01 - Version 1.0