Risk statement, Risk, Control objective, Control
06-10-2025 12:08 AM - edited 06-10-2025 01:41 AM
Hi @SANDEEP DUTTA @Ankur Bawiskar ,
Can someone help, since I am new to IRM?
I want to understand the difference between and with a few examples from an IT Risk Department perspective based on the banking sector.
1. Control objective and control (name and description)
2. Risk statement and risk (name and description)
06-10-2025 03:12 AM
Hi @Munny1 ,
Let's take an example of a SOX requirement for a company from an IT Risk Department perspective.
We are trying to mitigate a
Risk: SOX-IT-Changes to production application systems and programs are not properly authorized, tested, approved, implemented and documented
Risk Statement: SOX-IT-Changes to production application systems and programs are not properly authorized, tested, approved, implemented and documented
By applying:
Control Objective: SOX-SAP-15 Dev/Test/Prod Environments
Control: SOX-SAP-15 Dev/Test/Prod Environments
Financial institution specific:
Risk / Risk Statement: SOX-RR-Revenue not recognized in the proper period
Control / Control Objective 1: SOX-RR-24 Non-US Deferred Revenue Reconciliation
Control / Control Objective 2: SOX-RR-15 US Revenue Checklist
by applying the following control:
Sandeep Dutta
Please mark the answer Correct & Helpful if I could help you.
06-10-2025 04:30 AM - edited 06-10-2025 04:32 AM
Hi @SANDEEP DUTTA ,
Thanks for your response.
I understood that, technically, when we apply an entity type to a risk statement or control objective, the risks or controls will be generated automatically with the same name.
But what if we want to register a risk for a risk statement manually, as per the example below?
In a similar way, a control objective and control example are required.
Risk: "System Downtime"
Risk Statement: "Due to outdated IT infrastructure, there is a risk of system downtime within the financial reporting system during peak
06-10-2025 04:36 AM
Hi @Munny1 ,
Your organization will tell you which control you need to apply for that risk.
Sandeep Dutta
Please mark the answer Correct & Helpful if I could help you.
06-10-2025 07:34 AM