5.2 Different types of control

Let’s look at the different types of controls that can be used for risk treatment.

Maximise

Figure 5 Types of control

Show description|Hide description

A simple diagram of 4 boxes showing there are 4 types of control directive, preventative, detective and corrective. Directive is shown as being the weakest form of control; preventative is shown as the strongest form of control. If there is a detective control there must be a corrective element. An arrow shows the linkage between detective and corrective controls.

Figure 5 Types of control

Directive controls give direction. These are the weakest controls. Things like policies are directive controls; they state the practice to be followed but do not stop bad practice from occurring. The Highway Code is an example of a directive control.

Detective controls aim to identify a breach after the event, an example being a financial review or audit after activity has taken place. They will often lead to corrective action being taken.

Preventative controls act to nullify the root cause and thus prevent the event. These are often the strongest controls. Common preventative controls include segregation of duties and IT passwords.