The PERFORM component includes reactive, preventive, and corrective actions and controls, which are essential for executing governance, risk, and compliance processes effectively.
Types of Actions and Controls:
Reactive Controls: Respond to events or risks that have already occurred (e.g., incident response).
Preventive Controls: Aim to avoid or mitigate risks before they materialize (e.g., access controls).
Corrective Controls: Address issues or gaps identified after an event (e.g., remediation plans).
Integration in the PERFORM Component:
These controls ensure that the organization performs effectively while minimizing risks and achieving compliance.
Why Other Options Are Incorrect:
A: Internal, external, and hybrid controls describe types of oversight, not action types.
B: Mandatory, voluntary, and optional actions relate to obligations, not control types.
C: Proactive, detective, and responsive controls mix similar concepts but do not fully describe the PERFORM component.
[References:, OCEG GRC Capability Model: Defines the types of actions and controls used in the PERFORM component., ISO 31000 (Risk Management): Discusses risk management controls as preventive, reactive, or corrective., , , ]
Submit