ControlOrigins

Compensating Controls

As described by the American Institute of Certified Public Accountants (AICPA), "Some organizations, by virtue of their size, are not able to implement basic controls such as segregation of duties. In these cases, it is important that management institute compensating controls to cover for the lack of a basic control, or if a basic control is not able to function for some period of time." 

This is an important category of controls that is often overlooked when internal control deficiencies are identified by either internal or external auditors. There are many different forms of compensating controls, but few organizations have formally defined what the compensating controls could potentially be for each control. Such a definition can be a valuable reference, as well as a potential cost saving in the audit process when a control is more expensive to implement and test than its compensating control counterpart.

The control should be marked “In Place” with a comment added that it is being met with a compensating control, and the Compensating Control Worksheet should be completed.

To determine the “Objective”, one must first understand the intent of the original control. Many people forget that they need to know not only what the requirement intended, but also what it did NOT intend. This is an advanced area of PCI compliance.

The intent only tells you the direction you want to go, but does not tell you the directions you want to avoid.



© 2006-2012 Control Origins. All Rights Reserved