- Assurance that all relevant controls have been identified and a consistent approach is taken across the enterprise
- Improve risk management by identifying control weaknesses and prioritising improvements
- Reduce the time and cost of control assessments by having easy access to all relevant control information and assessment history
Control assurance is a crucial part of effective risk management. It provides evidence to management that mitigating controls are effectively designed and are operating sufficiently within the tolerances set by management. A key weakness of many organisations is concentrating only on whether controls are in place to mitigate a risk and ignoring whether they are operationally effective. Quantifiable performance indicators or metrics, against which targets can be set and measured, are effective ways of determining a control's effectiveness, alongside assessing factors such as ownership, reliability, evidence and documentation that the control is fit for purpose.
Management will require assurance that all relevant controls are applied to the correct assets. Control compliance will vary depending on the asset that the control is linked to, and these variations should be visible to management. Using a risk management tool such as STREAM allows you to link any incidents that are related to a control, to identify when and why that control failed and where improvements are needed. When a control is identified as being weak or ineffective, an action should be raised to address this and then tracked to completion. Control assessments should be periodically reviewed to ensure the control is continually mitigating the risk as designed and that no new incidents have occurred. Doing so will provide complete, up-to-date assurance to management that all mitigating controls are up to date, linked to all their relevant assets, and designed and operating effectively to mitigate the risk.
- Create control dependencies and mappings between frameworks so that control effectiveness can be automatically calculated based on the deployment of related controls
- Set up assessment schedules to ensure that all control assessments are reviewed periodically with clear ownership and accountability
- Configure control assessment schemes to meet your requirements
- Link issues or incidents to controls to identify any failed or weak deployments, then raise and track actions