My OpenLearn Profile

Personalise your OpenLearn profile, save your favourite content and get recognition for your learning

Create account / Sign in

Course content Course content

Risk management

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

More free courses

6 Control effectiveness

Control effectiveness must be tested in two dimensions:

Is the control designed effectively?
Is the control operating effectively?

It is important to make sure that the control is still working in the way that was originally intended. Because of this it is good practice to have assurance over controls. This is where people check that the control is designed and is operating as intended. It is also good practice to periodically review incidents (risks that have occurred) to see whether there are any other root causes that have occurred or haven’t previously been identified, and whether the controls really are operating as intended. If control weaknesses are found then a higher level of risk than expected is being taken. This activity can be seen as testing control effectiveness.

A control must firstly be designed to be effective, in that its phases should act as intended on the root cause, the event or the consequence. If the control is not designed correctly then even if operated effectively it cannot effectively manage the risk. For example, if a fire alarm only has smoke detectors fitted on one side of a building, it will fail to detect a fire on the other side of a building as a result of control design.

If designed correctly then the control must be operated effectively. The control in its operation in the organisation, deployed as per the design, provides the required action on the root cause, the event or the consequence to be effective in operation. In the case of the fire alarm, if smoke detectors were fitted but were disconnected from the electricity supply or had their batteries removed then they would fail to operate in the event of a fire.

To test effectiveness the organisation must seek to answer two questions: have the controls been designed effectively, and is the organisation operating these controls effectively?

More mature organisations will understand the cost of running and assuring a control and be able to compare it to the reduction in risk and incidents. They are then able to perform a cost–benefit analysis for their controls.

Previous 5.2 Different types of control

Next 6.1 Testing control effectiveness

Take your learning further

Making the decision to study can be a big step, which is why you’ll want a trusted University. We’ve pioneered distance learning for over 50 years, bringing university to you wherever you are so you can fit study around your life. Take a look at all Open University courses.

If you’re new to university-level study, read our guide on Where to take your learning next, or find out more about the types of qualifications we offer including entry level Access modules, Certificates, and Short Courses.

Want to achieve your ambition? Study with us and you’ll be joining over 2 million students who’ve achieved their career and personal goals with The Open University.

Browse all Open University courses

My OpenLearn Profile

About this free course

Become an OU student

Download this course

Share this free course

6 Control effectiveness