Use rewards and career development to motivate personnel.


CONTROL ID: 06906
CONTROL TYPE: Behavior
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish job categorization criteria, job recruitment criteria, and promotion criteria. (CC ID: 00781)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Implement incentives that motivate desired conduct and recognize those who contribute to positive outcomes to reinforce desired conduct. (OCEG GRC Capability Model, v. 3.0, P5 Incentives, OCEG GRC Capability Model, v 3.0)
  • Recover from undesirable conduct, events, and conditions; correct identified weaknesses; execute necessary discipline; recognize and reinforce desirable conduct and deter future undesired conduct or conditions. (OCEG GRC Capability Model, v 3.0, P1.3 Establish Responsive Actions and Controls, OCEG GRC Capability Model, v 3.0)
  • Management and the board of directors establish performance measures, incentives, and other rewards appropriate for responsibilities at all levels of the entity, reflecting appropriate dimensions of performance and expected standards of conduct, and considering the achievement of both short-term and… (§ 3 Principle 5 Points of Focus: Establishes Performance Measures, Incentives, and Rewards, COSO Internal Control - Integrated Framework (2013))
  • Management and the board of directors align incentives and rewards with the fulfillment of internal control responsibilities in the achievement of objectives. (§ 3 Principle 5 Points of Focus: Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance, COSO Internal Control - Integrated Framework (2013))
  • The organization shall use rewards and career development to motivate personnel. (§ 6.2.4.3(c)(4), ISO 15288-2008 Systems and software engineering - System life cycle processes, R 2008)
  • Management and the board of directors align incentives and rewards with the fulfillment of internal control responsibilities in the achievement of objectives. (CC1.5 ¶ 3 Bullet 3 Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Management and the board of directors evaluate performance of internal control responsibilities, including adherence to standards of conduct and expected levels of competence, and provide rewards or exercise disciplinary action, as appropriate. (CC1.5 ¶ 3 Bullet 5 Evaluates Performance and Rewards or Disciplines Individuals, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Management and the board of directors establish performance measures, incentives, and other rewards appropriate for responsibilities at all levels of the entity, reflecting appropriate dimensions of performance and expected standards of conduct, and considering the achievement of both short-term and… (CC1.5 ¶ 3 Bullet 2 Establishes Performance Measures, Incentives, and Rewards, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Management and the board of directors evaluate performance of internal control responsibilities, including adherence to standards of conduct and expected levels of competence, and provide rewards or exercise disciplinary action, as appropriate. (CC1.5 Evaluates Performance and Rewards or Disciplines Individuals, Trust Services Criteria)
  • Management and the board of directors align incentives and rewards with the fulfillment of internal control responsibilities in the achievement of objectives. (CC1.5 Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance, Trust Services Criteria)
  • Management and the board of directors establish performance measures, incentives, and other rewards appropriate for responsibilities at all levels of the entity, reflecting appropriate dimensions of performance and expected standards of conduct, and considering the achievement of both short-term and… (CC1.5 Establishes Performance Measures, Incentives, and Rewards, Trust Services Criteria)
  • Management and the board of directors establish performance measures, incentives, and other rewards appropriate for responsibilities at all levels of the entity, reflecting appropriate dimensions of performance and expected standards of conduct, and considering the achievement of both short-term and… (CC1.5 ¶ 2 Bullet 2 Establishes Performance Measures, Incentives, and Rewards, Trust Services Criteria, (includes March 2020 updates))
  • Management and the board of directors align incentives and rewards with the fulfillment of internal control responsibilities in the achievement of objectives. (CC1.5 ¶ 2 Bullet 3 Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance, Trust Services Criteria, (includes March 2020 updates))
  • Management and the board of directors evaluate performance of internal control responsibilities, including adherence to standards of conduct and expected levels of competence, and provide rewards or exercise disciplinary action, as appropriate. (CC1.5 ¶ 2 Bullet 5 Evaluates Performance and Rewards or Disciplines Individuals, Trust Services Criteria, (includes March 2020 updates))
  • Establish cyber career paths to allow career progression, deliberate development, and growth within and between cyber career fields. (T0374, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Establish cyber career paths to allow career progression, deliberate development, and growth within and between cyber career fields. (T0374, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)