Control Maturity Framework
As part of the risk-based approach, the Risk Officer should be able to identify the control maturity expected by the company. A Control Maturity Framework allows the company to consider its control expectations against its inherent risk to determine the strength of its risk-based quality of controls, giving a more accurate residual risk. It also provides the context for prioritization and depth of management responses to third-party findings. Understanding the control maturity expectation allows the company to apply the proper level of control based on its size and maturity, enhances the residual risk analysis of the risk assessment, and provides context for prioritization and management responses to third-party findings.
For example, ACCCE describes an Incomplete Control Framework this way. The capabilities have been reviewed to manage the risk, but show areas needing improvement or have not been validated for effectiveness.
• Documented management control structure identifying responsibility and ownership
This resource is intended for:
- Cannabis Compliance Managers and Officers
- Cannabis Risk Managers and Officers
- Professional Service Providers