Risk Control Effectiveness Checklist

2.1.1Control addresses the identified risk directly

2.1.2Control specification is clear and documented

2.1.3Control has defined success criteria/metrics

2.1.4Control is proportionate to the risk level

2.1.5Control does not introduce new significant risks

2.1.6Control aligns with regulatory requirements

2.1.7Control has assigned ownership

2.2.1Control addresses the identified risk directly

2.2.2Control specification is clear and documented

2.2.3Control has defined success criteria/metrics

2.2.4Control is proportionate to the risk level

2.2.5Control does not introduce new significant risks

2.2.6Control aligns with regulatory requirements

2.2.7Control has assigned ownership

4.1.1Automated controls functioning correctly

4.1.2Control triggers activate as designed

4.1.3Alerts/notifications working

4.1.4Logging of control activities operational

4.1.5System performance within parameters

4.2.1Procedures being followed consistently

4.2.2Required reviews/approvals occurring

4.2.3Documentation maintained as required

4.2.4Escalation procedures followed

4.2.5Communication occurring as required

4.3.1Human oversight occurring as designed

4.3.2Override capability tested and functional

4.3.3Personnel competent to perform oversight

4.3.4Decision support information adequate

4.3.5Stop/intervention capability functional

5.1Bias detection mechanisms operational

5.2Fairness metrics being monitored

5.3Bias thresholds trigger alerts

5.4Bias mitigation actions effective

5.5Regular bias testing conducted

5.6Results reviewed and acted upon

6.1Accuracy monitoring in place

6.2Accuracy within acceptable thresholds

6.3Performance degradation detection working

6.4Model drift monitoring operational

6.5Adversarial attack protections effective

6.6Fail-safe mechanisms functional

7.1Access controls functioning properly

7.2Authentication mechanisms effective

7.3Encryption implemented as designed

7.4Security monitoring operational

7.5Vulnerability management effective

7.6Incident detection capabilities working

8.1Data quality controls effective

8.2Data access controls functioning

8.3Data retention controls enforced

8.4Data lineage tracking operational

8.5Personal data protection controls effective

9.1Automatic logging capturing required events

9.2Log integrity protected

9.3Log retention meeting requirements

9.4Audit trail complete and accurate

9.5Logs accessible for review/investigation