Controls
Control activities comprise the policies and procedures that provide assurance that the risk treatment required by management has been effectively implemented. Control activities are present throughout the organization, at every level and in every function. They include a range of varied activities such as validation, authorization, verification, data mapping, operational performance review, asset security and task assignment.
The risk identification and analysis described previously highlighted a number of risks that the organization needs to be protected against. It is therefore necessary to define the control activities that will prevent these risks and reduce their potential consequences.
These controls must be formally defined in order to meet regulatory requirements such as the Sarbanes-Oxley Act, or the Basel II agreements in the banking world.
A control is a set of rules and means that provide assurance that a legal, regulatory, internal or strategic requirement is respected.
In HOPEX Risk Mapper, several object types are linked to controls:
object types that indicate the framework within which the control is installed (control system, control type, associated requirement or risk);
object types that indicate the means used to implement the control (process, operation, service, constraint or resource, etc.);
object types that indicate who is responsible for implementing the control (org-unit, person).
Operation and service object types are available with HOPEX Business Process Analysis.