Good vs Bad control

Do you agree with the following statement: "A poorly designed control that is followed is still better than a well-designed control that's ignored."?

How do you approach this question?



  • Hello!

    Both are not acceptable since the risk is identified. If the risk is not identified, it's not possible to talk about a not designed control. At least, it is unacceptable to not design a control for an identified risk (following its evolution requires a control), even if it is inoffensive. Any control becomes poorly designed as the context is never stable. So the matter is why not continuously improve controls.

  • Comment by Bruce Tutty 13 minutes ago

    No, they are both unacceptable.

    Agree with Bruce completely, 'A poorly designed control that is followed' would be like that guy selling fake bomb detectors, giving people a false sense of security, which is one of the biggest risks of all.

  • Any process in Management that is not followed is like no action. Actions will not succeed on their own. They will need not only continuous follow-up but also continuous improvement.

    Control is also a process. It needs continuous follow-up. Definitely, poorly designed cannot match properly designed.

     So the statement itself is not very well designed.


  • I agree with Arie, it depends on what's wrong with the design of the control. If the poor design leads to the risk not being addressed at all, then the organization is going to be under a false sense of security while adhering to the control activity. That could be worse than understanding that you have a well-designed control in place that's not being followed and as a result your risk is not covered.

  • Denying a control's effectiveness is one of the mistakes to ignore the risk metrics of the organization.

  • It depends.

    It depends on the definition of poorly and whether the control mechanisms are principle- or rule-based.

  • I deny both - poorly designed control results in devastating the idea of risk control in general; well designed control that is not working highlights fundamental problem of risk control: whole organization is not involved. By the way, well designed control can't be ignored - design is not just tools or nice wallpaper, but implementation and PEOPLE involvement.

  • I agree with that statement, although not ideal. The risk is far greater by ignoring a control than not to follow a control at all. One can always redesign a poorly designed control at a later time and use it in the interim than not follow one at all. If a control is well-designed, why is it then not followed? To me that indicates a lack of good governance if you have a good control in place and then not using it.
