Control Types
Controls can be defined by referencing the control types defined in the risk and control system concerned.
A frequently used control nomenclature is the one defined by COBIT.
COBIT stands for "Control Objectives for Information and Related Technologies".
COBIT is a framework of best practices that now integrates numerous other frameworks and has the support of a large number of world experts. For the 34 processes defined in COBIT, there are 318 corresponding control objectives for which detailed control practices have been identified. The proposed verification guide describes the elements necessary for a correct understanding of each process, specifies the controls to be carried out, and provides elements for assessing conformity to best practices and the risk of not achieving objectives.
*A control type allows the classification of controls implemented in a company in accordance with regulatory or domain-specific standards (COBIT, etc.).
To access the list of control types with the Control and Risk Architect profile:
1. From the Repository pane, select the Controls and Risks navigation window, then expand the folder that corresponds to your repository.
The Regulation Frameworks and Control Systems folders appear.
2. Expand the Regulation Frameworks folder.
The control type tree appears.
*To create your own risk types with the Risk Manager (simplified) profile, in the Risk Library tab, select Risks > Categories > Control Types.