Skip to main content

Control level

Short Description

A control-level is a measure for the efficiency and effectiveness in which a control produces the results specified by its control objective.

Like risk levels and compliance levels, control-levels can be expressed in many forms. The single criterion for expressing it is whether it helps the owner of the control to determine, in the governance process of that control, whether or not to make changes to the assessed controls, and if so, what kinds of changes are called for.

To ensure this, parties may specify the assessment framework(s) that auditors should use for assessing the efficiency and effectiveness of controls, and thereby determine their respective control levels.

Purpose

The purpose of control-levels is help parties determine and prioritize the work that needs to be done in order to maintain the efficiency and effectiveness of their controls.

Criteria

A control-level

  • is a measure of some kind (e.g. 'Low', 'Medium', 'High', or a digit in some integer interval, or similar);
  • signifies a statement about how efficient and effective a control realizes its associated control objective;
  • is associated with a party that uses it to determine and prioritize the work that needs to be done in order to maintain the efficiency and effectiveness of their controls;
  • can be the result of assessing the efficiency and effectiveness of a control.