Internal Controls is a core element of the Risk Management program. It is used in the following ways:

- tagged in the risk register for the risk it's mitigating 

- tagged incidents as a required controls or control issue

- tagged in Evidence so you can reference which control(s) evidence is submitted for

- tagged in policy so your policy can be comprehensive

- tagged in asset so your stakeholders can see the controls required for the asset they are managing

Naturally, when you want to delete an Internal control, you may impact a chain of context that may depend on the control. So C1Risk is making it easy for you to define constraints to your risk management program with the following rules. When you hit a constraint, we recommend you discuss it with the risk team or the respective stakeholder for that process to agree on removing the constraint.

How to delete internal control and define the constraint?

Bulk Operation for IC Delete:

• If records has the below related records, Unlink then Delete

  • Control Library

  • Risk Register

  • Evidence 

  • Policy 

  • Asset

• If records has the below related records, do not delete. Skip the records for bulk operation.

  • Test Results

  • Findings 

  • Test Procedure

  • Incident

Detail page for IC Delete:

• If records has the below related records, Unlink then Delete

  • Control Library

  • Risk Register

  • Evidence

  • Policy

  • Asset

• If records has the below related records, do not delete. Throw friendly error message: “Unable to delete due to dependencies: Test Results, Findings”

  • Test Results 

  • Findings

  • Test Procedure

  • Incident