Control Matrix 2805
vinod_sd last edited by
Facing problems in maintaining Control Matrix.
How exactly it should look like and what are the key fields which need to be part of the Control matrix?
Any help is appreciated
kymike last edited by
There is no standard or mandated format for the matrix.
I would suggest that it include the following information -
Control that covers the risk
FS assertion related to the risk
Risk level (low, medium, high)
Who performs the control
Frequency with which the control is performed
Whether the control type is prevent or detect
Whether the control is manual or automated or a combination
Accounts covered by the control (BS and IS)
There are probably other attributes that can be added to this list. This is what we have in our control matrices.