Printer Friendly, PDF & Email

Risks versus controls

Margaret Hambleton ( is President of Hambleton Compliance LLC in Valencia, CA.

There are generally three significant components to completing a risk assessment: (1) identification of potential risk areas, (2) assessing the organization’s vulnerability to each risk, and (3) developing an action plan to address the risks that fall outside the organization’s risk tolerance. While there is a significant number of discrete steps within each component, I want to focus on one aspect of the risk identification process that often causes some confusion: identifying an actual risk versus a potential control weakness.

This document is only available to members. Please log in or become a member.