Control Deficiency Finding

Detects control deficiency findings from internal audits and compliance assessments.

Type: keyword_list
Confidence: medium
Confidence justification: Medium confidence: keyword-based detection requires corroborative evidence for accurate identification.
Jurisdictions: au
Regulations: AML/CTF Act (Cth), IPA 2009 (Qld), Privacy Act 1988 (Cth)
Frameworks: ISO 27001, NIST CSF, PCI-DSS
Data categories: security, audit
Scope: narrow
Risk rating: 9

Should match

Control deficiency finding: material weakness in access control effectiveness — Test match 1
Significant deficiency audit finding with remediation and management response — Test match 2
Control gap assessment: finding severity high, compensating control required — Test match 3

Should not match

Quality control procedures — Non-match 1
Remote control battery replacement — Non-match 2

Known false positives

Generic control in non-audit contexts. Mitigation: Require audit-specific terms like deficiency, material weakness, or finding severity.