Control is an action or a mechanism put in place to manage a risk. It represents a decision-making step with accompanying decision logic used to determine execution approach for a process or to ensure that a process complies with governance criteria.