Professional Documents
Culture Documents
For a full description of this kind of risk-control matrix refer to the web page "Matrix
Mapping: the easiest and best way to map internal controls" at
www.internalcontrolsdesign.co.uk/matrices.
In this template there are three distinct groups of controls: those already in place,
those agreed but not yet operating (i.e. in development), and those proposed but not
yet agreed on.
After each set of controls there are revised summaries of the level of control
provided.
Several columns are provided for capturing information about controls and you use,
ignore, or add to them as you wish.
The set of control objectives can also be changed, and you can even add extra ones
if you like.
Another refinement you could add is to insert an assessment of the inherent risk
involved with each step and each control objective. Then add more summary
formulae to study how the risk levels stack up to the control levels.
Control
m1
m2
Summary scores C
A
V
U
CONTROLS IN DEVELOPMENT
1 Monitoring
Business monitoring report: debtors
2 Monitoring
Process monitoring report: process stats
etc etc
etc
m1
m2
Summary scores C
A
V
U
CONTROLS PROPOSED
1 Monitoring
Business monitoring report: debtors
2 Monitoring
Process monitoring report: process stats
etc etc
etc
m1
m2
Summary scores C
A
V
U
xxxx
Owner operational
Owner development
Frequency
Sampling
To do
date
Performance
evidence
Performance
rating
Objectives
Development
Operation cost cost
C
1
1
0
1
1
0
Summary scores
1
2
3
4
1
1
1
1
1
1
Summary scores
Step A
1
1
C
A
V
U
1
1
Summary scores
1
1
Process steps
C
A
V
U
C
A
V
U
Step D
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
0
0
Step E
1
1
0
0
0
0
1
1
Step C
0
0
0
0
1
1
1
1
Step B
0
0
0
0
0
0
0
0
ps
Step F
Step G
1
1
0
0
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
0