For many years the assurance community simply defined controls as being either preventive, detective, or corrective (reactive).
In the late 1990s, List & Brewer categorised these definitions into seven control classifications which provided the first hint that not all controls were one hundred percent operationally effective. However, they did not attempt to measure their effectiveness on a standard scale but rather left it to the judgement of the individual.
Sarbanes-Oxley went a stage further in 2002 by requiring companies to identify and document their controls and then to regularly test their operation, but again on the premise that a control was one hundred percent effective.
This presentation will show that many controls are not effectively mitigating the risk that they were designed to manage. An algorithm will be offered which can be used to measure the effectiveness of any control and provide supporting evidence as to how the result was obtained.
Examples will support the efficacy of this method in helping to improve management’s understanding of control in managing business risks.
About the speaker
John Mitchell, Managing Director, LHS Business Control
Dr Mitchell is managing director of LHS Business Control, a consultancy which he founded in 1988 to specialise in corporate governance and risk management.
He is an international authority on corporate governance, the control of computer systems, the investigation of computer crime and the impact of regulatory and compliance issues on the delivery of IT services. John has been an expert witness in some high-profile UK criminal cases and has featured in a major British computing publication as The IT Detective.
He has previously been a member of the BCS Council, a member of its Risk Audit and Finance Committee and Chair of its Information Risk Management and Assurance specialist group.
He is currently a member of the Community Board Finance Committee and holder of the John Ivinson medal for services to the institute.
His doctorate in risk analysis techniques was awarded by City University, London, England. His MBA in financial control was awarded, with distinction, by Middlesex University, England.
Our events are for adults aged 16 years and over.
This event counts for two hours towards your CPD.
This event is brought to you by: BCS Information Risk Management and Assurance (IRMA) SG