Control

Control is an action or a mechanism put in place to manage a risk. It represents a decision-making step with accompanying decision logic used to determine execution approach for a process or to ensure that a process complies with governance criteria.

Risk

Risk is an uncertain condition that can result in quantifiable damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.