During a compliance review, the board asks for examples of corrective controls implemented over the past fiscal year. Which of the following activities represents a corrective compliance control?
Select an answer to reveal the explanation.
Short Explanation and Infographic
Think of corrective controls as the clean-up crew after a wreck. Preventive controls (like pre-clearance in choice A or third-party screening in choice D) try to keep the car on the road. Detective controls (like transaction screening in choice C) flash a red warning light when you drift. But once a policy is actually broken, you need to step in and fix the damage—and make sure it doesn't happen again. That's where disciplinary action comes in. By reprimanding or terminating an employee who broke the rules, you are correcting the behavior and showing the whole company that the rules actually have teeth. Got it? Sweet.
Full explanation below image
Full Explanation
Compliance controls are mapped into three functional categories based on their operational timing: Preventive controls are intended to deter or block non-compliant acts before they occur (e.g., pre-clearance workflows, pre-onboarding screening); Detective controls are intended to identify and alert personnel to violations or anomalies that have occurred (e.g., real-time transaction screening, audits); and Corrective controls are intended to remediate, correct, or mitigate the impact of a detected violation and prevent recurrence. Executing formal disciplinary measures is a corrective control because it occurs after a violation has been detected. It aims to rectify the behavior, enforce accountability, and deter future infractions by demonstrating that policy breaches carry consequences. Options A and D are preventive controls designed to block unauthorized or risky actions before they occur. Option C is a detective control designed to identify anomalies within ongoing activities.