I have a similar query, not sure whether this was addressed since this was posted 6 years ago. I could not find any supporting documentation or other related posts in this forum.
My challenge is that we need to start calculating control effectiveness using a rating mechanism similar to the one shown below.
The idea is that during internal control audits, one can rate the effectiveness of the control. Now, this should ideally be reflected in the control itself (being a property of the control, not of the audit on the control). I can achieve that by including a custom drop down field showing the % ranges on the control, that would be updated as part of the control audit process.
However, how would this be linked to the risks which are being mitigated by this control? It would help, if the residual risk (‘risk treatment’ in Eramba terminology) would be updated to reflect the status of the related control effectiveness.
I’m wondering whether anyone else has encountered similar requirements and how they have used Eramba to facilitate such risk assessments and related measurements and monitoring.