Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 10-day trial to continue exploring with full access.

Let’s Change the Way We Talk About Controls

Carole Switzer | October 27, 2015

If you have any familiarity at all with internal control concepts, you probably have an understanding of the traditional designations of preventive, detective, and corrective controls that relate to discouraging, finding, or correcting errors and irregularities. In the modern business world, I submit that this approach to internal control is simply not enough, and both the names for these groups of controls and the definitions of them must evolve.

Today, organizations are seeking Principled Performance—defined as reliably achieving objectives while addressing uncertainty and acting with integrity—and they want to address both downside threats and the upside offered by identifying and grasping opportunities. Nowhere is this clearer than in the context of the controls we establish for governance, risk management, and compliance (GRC) capabilities. The OCEG GRC Capability Model notes:

“To achieve Principled Performance, the organization must proactively encourage... To get the full story, subscribe now.