Matrix Mapping: the easiest and best way to map internal controls

 

Stop and check!

The most common format for documenting internal controls (i.e. format for "control matrices") takes far too long to write and produces huge documents of little practical use. It's so inefficient that people naturally cut corners, giving a distorted view of controls and risk. I should know; I made the wrong choice myself once. Never again!

If your company has documented its internal controls using some kind of matrices or has to do so in future it is well worth getting the right format in place. This is one of those details that makes a huge difference. If you already have matrices check them and, if they are the wrong style, plan to reformat them as soon as possible. If you have still to start them or have just started a project to write control matrices, stop, check, and restart your project using the right style of matrix. If you don't you will regret it later.

Wrong and right formats

The format most people think of first when asked to map internal controls to risks is the obvious one: a list of risks, with controls written against each risk to show the risk is covered. The layout is some variation on the one below, with other columns added for extra information and cross referencing:

Risk/control objective	Controls
Risk A	Controls addressing risk A
Risk B	Controls addressing risk B
Risk C	Controls addressing risk C
Risk D	Controls addressing risk D
etc	etc

At first glance this seems sensible and there is no obvious objection in principle. However, this is a disastrous choice. If the format your company uses, or plans to use, is like this then read on.

A vastly superior format is to list controls down the left hand column, and risks across the column headings, then mark off where controls address risks within a matrix of small cells, like this:

Control	Risk A	Risk B	Risk C	Risk D	etc
Control 1		1	1
Control 2			1		1
Control 3	1				1
Control 4			1	1	1
etc

In this example, Risk A is covered by Control 3 only. Risk B is covered by Control 1 only. Risk C is covered by Controls 1, 2, and 4. And so on.

At first glance this seems unpromising. Surely there will be lots of wasted space? Won't the column headings be difficult to read? What if there are too many risks to fit across the page?

All these are minor issues whose impact can be minimised, and they are insignificant next to the hidden drawbacks of the more obvious approach. The next section looks in more detail at the advantages and disadvantages of each type.

Shocked by the possibility of centralized AI

Two figures above is comparing Human Synapse activity with Internet activity. And the result shows surprising similarity....

At the first, I've not surprised with the figure...but when I began to continue tracking in my mind, I've found something ineterest that could't make me stop thinking about it. In fact I knew the similarity since a few years back. I've known it but never try to think it more.

Without any reason, I figured :" Yeah...it's possible if our brain neural network be the same as internet traffic visualization since neurons, or nerve cells, each have a pair of projections—the axon and the dendrite, which transmit and receive impulses, respectively. On the other hand the internet especially in P2P sharing have Client Servers and each have pair of projections - the suppliers and the consumers of resources. Yap, it was a suitable analogy...I thought.

But....suddenly, without any reason, I've a question in my mind....Is it possible if once time in the future of the world will have one centralized artificial intelligence ( i called it) that can fully control all the network ( all the brain)  using internet or other form of electronic device ( like immersed nano chip or internet network program which can penetrate and fully take control our mind, etc).

Nowadays the possibility of one mandatory artificial intelligence which can control the human brain increasing since the nano technology discovered. The application of nano technology influence in neuro science, biotechnology, information technology significantly. 

Imagining it, I can say my negative perception is more dominate my mind than positive perception...I knew it was not fair .... this happened to me because since I was young I have raised in Christianity Doctrine that said in the end of days there will appear deceivers that will use the immersed chip in human body to control us....

Later I decided not to use that doctrine again since I grew up in maturity and my reading experience.. so I prefered to compare this matter wisely...when I did it, I got one sentence to conclude my thought about it :

In a dynamic and uncertainty thing, there will always be a chance that a new thing can be exploited to have the positive impact or negative impact. And we are human become the decision maker to it.

So back to my spontaneous reaction to this matter, I must observe this matter with all the possibilities impact to us as a human being. And I got whatever the new thing arise before us, it is our decision as a human being to bring it to the positive thing for human kind or vice versa....

And I decide to believe that both of neuro science or information and communication technology progress/ improvement will bring the positive impact for humand kind....

Finally I decide not to fear about the negative impact from the possibbility emergence of centralized artificial inteligence that can control our mind.