In GRC capability and integrated control models, “PERFORM” focuses on executing actions and controls that achieve objectives while managing risk and meeting obligations. Measuring its effectiveness therefore centers on whether those actions/controls are well-designed (capable of preventing/detecting issues and enabling performance) and operating effectively (working consistently in practice). Option A reflects the standard GRC measurement approach used across internal control and assurance disciplines: design effectiveness asks “would this control/action work if executed as intended?” and operating effectiveness asks “is it actually being executed reliably, by the right people, with evidence?” Feedback (B), ROI (C), and audits/inspections (D) can be useful inputs or techniques, but they are not the primary definition of effectiveness measurement for a control/action component. Audits, for example, are a mechanism used by assurance functions to test effectiveness, but the measurement itself is still grounded in design and operating effectiveness criteria.