Instructions for Using the PRC Matrix
1. Process Tab
Planning.
How to Use:
Begin by listing all your business processes under the respective Macroprocess and Sub-process colum
Provide clear and concise Descriptions of each process.
Assign a Process Owner to each process to ensure accountability.
Classify the Process Type based on its role in the business (core processes are critical to delivering the p
Keep the Process Status updated to reflect its current state (e.g., Active or Inactive).
2. Risks Tab
data for evaluating and managing risks and mitigating their potential impacts.
How to Use:
Identify and describe each risk in the Risk Description column.
Classify the risk in terms of Risk Category.
Evaluate the Impact Level and Likelihood to calculate the Risk Score. This score helps prioritize risks.
Assign a Risk Owner and update the Risk Status as risks are identified, mitigated, or closed.
Create an Action Plan for addressing the risks, and keep the status updated.
Use the Last Updated Date column to track when the information was last reviewed or revised.
3. Controls Tab
risks and ensure business operations are secure and compliant.
How to Use:
List the controls used to mitigate risks in the Control Description column.
Assign a Control Type and Control Owner for accountability.
Define the Control Objective to clarify what each control is designed to achieve.
Track the Control Frequency to ensure controls are evaluated at the right intervals.
Update the Control Status to reflect whether the control is active or needs revision.
Evaluate and track Control Effectiveness regularly to identify areas for improvement.
Document Control Testing and the Control Outcome to provide evidence of the control’s performance.
�nd Sub-process columns.
tical to delivering the product or service, support processes aid the core, and management processes control and mo
ntial impacts.
lps prioritize risks.
or revised.
trol’s performance.
�ocesses control and monitor).
�[Link] Identification
Process ID Macroprocess Sub-process
�������������������������Description Process Owner
�������������������������Process Type Regulatory/Compliance Stan Third-Party or Vendor Depend
�������������������������Process Status Financial Impact Reputational Impact Operational Impact
�������������������������Client Impact Legal & Regulatory ImpacCriticality Level
�������������������������[Link] Assessment
Risk ID Risk Description Risk Category
�������������������������Impact Level Likelihood Risk Score Risk Owner
�������������������������Risk Status Regulatory/Compliance Standa
�������������������������Action Plan Description Action Plan Responsible
�������������������������Action Plan Status Last Updated Date
�������������������������[Link] Assessment
Control ID Process ID Control Description
�������������������������Control Type Control Objective Control Frequency Control Automation
�������������������������Regulatory/Compliance StandaControl Owner Control Status
�������������������������Control Testing Control Effectiveness Frequ Effective Tests Effectiveness Rating
�������������������������Control Testing Outcome Control Implementation Control Maturity Risk ID
�������������������������Corrective Actions Next Review Date
