Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Risk control techniques 193
|
Corrective controls
Table 16.1 provides a brief description of the nature of corrective controls. Corrective controls are the next option after it has been decided that preventive controls are not technically feasible, operationally desirable or cost-effective. Corrective controls are capable of producing an entirely satisfactory result, whereby the current level of risk is reduced to within the risk appetite of the organization. Examples of corrective controls can be found in the management of health and safety at work. Engineering containment by way of barriers or guards is a very well-established type of corrective control. In relation to fraud exposures, use of passwords or other access controls can be considered to be corrective controls. Staff rotation and regular change of supervisors also fit into this category of controls. The advantage of many corrective controls is that they can be simple and cost- effective. Also, they do not require that existing practices and procedures are eliminated or replaced with alternative methods of work. The controls can be implemented within the framework of existing activities. The disadvantage of some corrective controls is that the marginal benefits that are achieved may be difficult to quantify or confirm as cost-effective. Risk control techniques 193 Sometimes, corrective controls are over-engineered and their cost is dispropor- tionate to the benefit that is achieved. It is for risk management practitioners and internal auditors, as well as employees themselves, to identify where expensive and/or ineffective corrective controls have been implemented. Very often, corrective con- trols are put in place because of regulatory requirements. This may be unsatisfactory from the point of view of the organization and introduce additional costs and/or inefficiency. However, it is for the organization to ensure that the appropriate level of corrective control is achieved in order to comply with the minimum requirements of legislation. The design and implementation of corrective controls is often the cause of consider- able discussion and even disagreement. For example, there is sometimes discussion with building occupiers about fitting sprinklers as a corrective control that will activate in case of fire and reduce the damage caused by the fire. Occupiers of premises with computer installations will often say that sprinklers in computer rooms are inappro- priate. Whilst understanding that water does damage computer installations, fire engineers will usually counteract the objections by pointing out that ‘water causes damage, but fire destroys’. Although this analysis is correct and sprinklers do prevent total destruction, the disadvantages and unintended consequences of installing additional controls always need to be carefully considered. Download 3.45 Mb. Do'stlaringiz bilan baham: 
|