Skip to content
Skip to main content
header search
ahihi OpenLearn
OpenLearn
Menu
sticky search

About this free course

Become an OU student

Download this course

Share this free course

Course content Course content
Risk management
Risk management

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

More free courses

3.1 Controls

The more important each control is (i.e. the bigger the level of risk reduction it achieves) the more important it is to have assurance. Assurance of controls should look at both the design (does the control, as designed, reduce the probability or impact of the risk?) and also the operation (is the control operating in the way the design intended?), to confirm that both are effective.

There is a ‘many to many’ relationship between risks and controls. This means that each risk could have several controls related to that risk, but also one control may mitigate several risks. Controls are often embedded in processes. Organisations often get assurance over their controls by auditing their processes. When identifying their key controls, organisation should also consider situations where they are reliant on a single control.

Activity 2 Risk/control matrix

Timing: Allow approximately 10 minutes

One way to manage the ‘many to many’ relationship is by using a risk/control matrix.

Click on the interactive to start selecting your answers from the drop-down options.

Interactive feature not available in single page view (see it in standard view).