Assessing control effectiveness—an essential part of every risk assessment

ISACA’s ISACA Now Blog recently featured an excellent article discussing the importance of evaluating various levels of control effectiveness during IT’s risk management efforts.  IT Risk professionals should always remember that our residual risk evaluations assume a consistent, 100% effective evaluation of control performance.  However, this is not always the case and we should evaluate the impact of operational control failures on overall risk.

Be sure to hit the link above to read the short article.  What does your organization do to consider control effectiveness in IT risk management?