Control Framework - some Key Definitions

6 years 3 weeks ago #254 by ThomasG

Control – A measure, agreed upon by those involved, to mitigate a risk, by reducing the probability of occurrence
(“probability”), by reducing the impact (“impact”), or to reduce both the probability of occurrence and the impact.

Control activities – Control activities are the policies and procedures that help ensure that management directives are
carried out. They help ensure that necessary actions are taken to address risks to achieving objectives. Control
activities occur throughout the organization, at all levels, and in all functions. They include a range of activities as
diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets,
and segregation of duties.

Control objective – Control objectives provide specific targets against which to evaluate the effectiveness of internal
control. Typically they are stated in terms that describe the nature of the risk they are designed to help manage or

Decision table – A precise yet compact way to model complicated logic. Decision tables, like if-then-else statements,
associate conditions with actions to perform. Unlike the control structures found in traditional programming languages,
decision tables can associate many independent conditions with several actions in an elegant way.
Enterprise risk management – Enterprise risk management is a process, effected by an entity’s board of directors,
management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential
events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance
regarding the achievement of entity objectives.

Key control – Key controls are those that are most important to monitor in order to support a conclusion about the
internal control system’s ability to manage or mitigate meaningful risks.
Levers of control – A control model introduced by the Harvard Scholar Robert Simon.
Risk – A potential event, which might have an adverse effect on the goals of an entity. This also includes a missed

Risk management process – A uniform process for a structured and consistent approach to conduct risk management,
with the aim to provide insight into the key risks and controls of an entity.
Tax control framework (TCF) – A tax control framework is a system (process) to identify, mitigate, control and report tax
risks. A TCF forms part of a business control framework, which is different for every organization.

Please Log in or Create an account to join the conversation.

Time to create page: 0.138 seconds
Powered by Kunena Forum