Reader small image

You're reading from  CISA – Certified Information Systems Auditor Study Guide - Second Edition

Product typeBook
Published inJun 2023
PublisherPackt
ISBN-139781803248158
Edition2nd Edition
Right arrow
Author (1)
Hemang Doshi
Hemang Doshi
author image
Hemang Doshi

Hemang Doshi has more than 15 years of experience in the field of system audit, IT risk and compliance, internal audit, risk management, information security audit, third-party risk management, and operational risk management. He has authored several books for certification such as CISA, CRISC, CISM, DISA, and enterprise risk management.
Read more about Hemang Doshi

Right arrow

Types of Controls

An internal control is a process used to safeguard the assets of an organization. Assets can include systems, data, people, hardware, or the reputation of the organization. Internal controls help in achieving the objectives of the organization by mitigating various risks.

Internal controls are implemented through policies, procedures, practices, and organizational structures to address risks. Internal controls provide reasonable assurance to management about the achievement of business objectives. Through internal controls, risk events are prevented or detected and corrected.

Top management is responsible for implementing a culture that supports efficient and effective internal control processes.

Effective controls in an organization can be categorized into preventive, detective, deterrent, and corrective as shown in the following figure:

Figure 1.5: Types of effective controls in an organization

Figure 1.5: Types of effective controls in an organization

You will now explore these control...

lock icon
The rest of the page is locked
Previous PageNext Page
You have been reading a chapter from
CISA – Certified Information Systems Auditor Study Guide - Second Edition
Published in: Jun 2023Publisher: PacktISBN-13: 9781803248158

Author (1)

author image
Hemang Doshi

Hemang Doshi has more than 15 years of experience in the field of system audit, IT risk and compliance, internal audit, risk management, information security audit, third-party risk management, and operational risk management. He has authored several books for certification such as CISA, CRISC, CISM, DISA, and enterprise risk management.
Read more about Hemang Doshi