Risk control techniques
187
Preventive controls are designed to limit the possibility of an undesirable hazard 
event occurring. The majority of controls implemented in organizations in response 
to hazard risks are preventive controls. For health and safety risks, preventive con-
trols will include substituting a less hazardous material in the activity or enclosing 
the activity so that employee exposure to dust or fumes is eliminated. Examples of 
preventive controls for fraud risks are shown in Table 16.2.
Corrective controls are designed to correct undesirable circumstances and reduce 
unacceptable risk exposures. Such controls provide a key method whereby the risk is 
treated so that it becomes less likely to occur and/or the impact is much reduced. In 
general terms, corrective controls are designed to correct the situation. For example, 
machinery guards are corrective controls.
There has been debate about disaster recovery planning (DRP) and business
continuity planning (BCP) and whether they fit into the PCDD classification of the 
different types of hazard risk controls. Some organizations consider DRP and BCP 
to be directive controls, whereas others argue that they are corrective controls.
An alternative approach is to say that a DRP and BCP are concerned with crisis 
management and cannot be easily classified as a PCCD type of control and should 
be considered to be a fifth type of control.
In reality this argument, like so many other arguments about terminology, is
not helpful. When an organization is faced with a crisis, it will be in a much better 
position to cope if plans have been considered and put in place before the crisis 

Download 3.45 Mb.

Do'stlaringiz bilan baham: