T2P's Control & Risk Calculator (CRC) is a deceptively simple, decidedly serious tool designed to help you simplify information control assessments and make risk-relevant decisions about your information governance priorities and actions. You can use it to:

1. Record and track information about existing controls
2. Assess the likely effectiveness of controls against the recognized risk environment
3. Expose gaps in information governance, compliance, and control management that can represent unnecessary risk
4. Evaluate the impact of operational, environmental, and managerial changes on likely control effectiveness
5. Prioritize future information governance efforts based on existing control effectiveness

Starting with the information you provide about your control and risk environment, the CRC applies calculation logic based on widely accepted, standards-based criteria for control and risk assessment to evaluate and rank your information governance activities. The CRC's process flow looks like this:

Because different organizations can have very diverse approaches to information and risk management, the CRC is designed to supplement your existing efforts flexibly and conveniently. The tool does not require, predefine, or presuppose the existence of any particular systems, control frameworks, or risks. You can define all of these elements: the CRC simply provides a template for control evaluation and applies useful knowledge and analytical layers to the information you provide.

Further Information:

• The CRC itself
• CRC Deep and Wide
• CRC Screenshots
• CRC User Manual