Risk Controls

The policies, procedures, practices, or other mechanisms designed to modify risk by reducing likelihood, impact, or both. Controls can be preventive (reducing the chance of a risk materializing) or detective (identifying when a risk has materialized). In RBPM, controls should be proportionate to the risk they address and aligned with the organization's risk appetite. Effective controls enable pursuit of strategic objectives while maintaining risk exposure within acceptable boundaries. Control effectiveness is monitored through Key Control Indicators and regular assessment processes.