Controlled processes: Better risk mitigation

For better risk mitigation, process controls need to be incorporated from the start. A control requiring a data and signature might be instituted to ensure that a review is performed. Another control might be instituted to perform periodic restoration testing to further validate that the backups are effective. To implement effective controls, ask yourself what the objective of the process is, the value of the objective, what other processes are dependent on the process and what their values are to the organization, what other processes this process is dependent on, what are the risks to the objective, and what risks are unacceptable. Also, does the cost/benefit ratio make sense, what are the implementation costs and ongoing operating expenses, how it will impact productivity, how long it will take to implement, and will the mitigation activity will be reliable? Often, several lower cost controls can be combined to yield better risk reduction than one complex expensive control.

Learn more about the importance of process controls:
- read the article at CIO Update