Prevent/Deter Actions & Controls are proactive measures implemented to manage risk before an event occurs. According to the OCEG GRC Capability Model, preventive controls are specifically "designed to prevent an undesirable event from occurring," while deterrent controls are "designed to discourage individuals from intentionally causing an undesirable event." The primary function of both is to reduce the probability, or likelihood, that a potential risk will materialize into an actual incident. By establishing these controls, an organization actively works to stop negative outcomes before they happen, which is the most effective way to manage risk.

B. To identify areas in the organization where compliance issues may arise

This describes the function of detective or monitoring controls, which are used to discover problems after they have already occurred.

C. To promote collaboration and teamwork among employees

This is a potential secondary benefit of a positive control environment, not the primary, defined purpose of prevent/deter controls.

D. To ensure compliance with industry-specific regulations

This is too narrow. While these controls are used for compliance, their role extends to mitigating all types of risk (e.g., operational, financial, strategic).

---

1. OCEG, "GRC Capability Model," Version 3.5, 2021. Section 4.2.3, Design & Implement Controls, Page 81. The document defines control types, stating, "Preventive – designed to prevent an undesirable event from occurring" and "Deterrent – designed to discourage individuals from intentionally causing an undesirable event." This directly supports that their role is to reduce the likelihood of such events.

2. Ruppel, C. P. (2007). Information Systems and Internal Control for Management. University of Toledo, College of Business Administration. In course materials discussing internal control frameworks, preventive controls are consistently defined as measures that "deter problems before they arise," which directly correlates to decreasing the likelihood of unfavorable events. (e.g., Chapter 5, Control and Accounting Information Systems).

3. Warren, C. S., Jones, J., & Tayler, W. B. (2020). Managerial Accounting. Cengage Learning. University-level accounting and auditing textbooks universally categorize controls by function. Preventive controls are defined as those that stop errors or irregularities from occurring, thus reducing their likelihood. (e.g., Chapter on Internal Control).