What is a Control Activity?
For each risk identified within your organization, particularly those designated as key in the risk-control matrix, you describe controls that substantially mitigate that risk within your organization's current process environment.
The descriptions of these controls are eventually expressed as Control Activities (CAs). These descriptions should be concise and free from unnecessary text. An outsider should easily see that the CA contributes to the mitigation or coverage of the risk. Additionally, you should clearly specify whether it is a user-based control or an application-based control.
Keep in mind that a described CA must be testable, meaning it can be effectively assessed for its functioning.
When describing the CA, make sure you cover the '5Ws', a term that comes from English. This helps you stay succinct and include the most relevant information in the description:
- Who performs it?
- What information or input is needed to carry out the activity?
- HoW often is it performed and with what frequency?
- HoW is control evidence documented, and is reperformance possible?
- HoW are exceptions to the established norm identified and approved by the authorizing party?