Identifying controls
It is generally preferable to inventory existing controls before implementing new ones.
To do so, controls can be identified in various ways:
• From risks
Certain controls are installed to meet a particular risk.
• From control type lists
Control type lists are associated with certain regulations (eg.: COBIT).
• From diagrams of existing processes
Similarly to risk identification, it is possible to examine the operation of each step in the process from its diagram, if this exists, to discover the controls installed.
• From specialist expertise
A specialist in a particular field is often able to describe controls which are or should be implemented.
• From incident databases
By consulting past events, controls that could have prevented them or reduced their consequences can be proposed.
Access to Controls
To access controls:
From the navigation bar, select Controls & Risks > Controls .As with risks, associated controls can be numerous. To improve control management, HOPEX Risk Mapper proposes several control classification criteria.