Skip to content
Skip to main content

About this free course

Download this course

Share this free course

Risk management
Risk management

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

5.2 Different types of control

Let’s look at the different types of controls that can be used for risk treatment.

Diagram of 4 types of control directive, preventative, detective and corrective.
Figure 5 Types of control

Directive controls give direction. These are the weakest controls. Things like policies are directive controls; they state the practice to be followed but do not stop bad practice from occurring. The Highway Code is an example of a directive control.

Detective controls aim to identify a breach after the event, an example being a financial review or audit after activity has taken place. They will often lead to corrective action being taken.

Preventative controls act to nullify the root cause and thus prevent the event. These are often the strongest controls. Common preventative controls include segregation of duties and IT passwords.