A control is a procedure that a business adopts to mitigate a risk. A control may be preventative, in that it stops bad things from happening; detective, in that it notices when bad things happen and alerts the right people; or corrective, in that it not only detects the bad thing, but automatically fixes it.
Preventative controls
Include:
- Authorisation
- Access controls
- Segregation of duties
- Validation checks
- Training
Detective controls
Include:
- Reconciliation
- Reviews
- Exception reports
- Surveillance
Corrective controls
- Fixing errors
- Revising policies
- Re-training
IT General controls
- Access Management
- Operations and Backup
- Change Management
- System Development
What is controls assurance?
Controls assurance is the process of obtaining confidence that controls are designed and operating effectively to manage the identified risk and achieve the related organisational objective.