# Controls

Safeguards that reduce AI risk.

Track: AI Risk and Controls

## What is it?

A control is a safeguard that reduces risk. In AI work, a control can be a rule, checklist, approval step, technical limit, review process, training habit, or logging requirement.

## Why it matters

Controls matter because good intentions are not enough. People get busy. AI answers look confident. Vendors add features quickly. Controls create a safer way to use AI without depending only on memory or judgment in the moment.

## How it works

Start with a risk, then choose a safeguard. If the risk is sensitive data exposure, the control might be a rule that blocks personal data from public tools. If the risk is wrong output, the control might be source checking. If the risk is unclear ownership, the control might be named approval before launch.

## Analogy

A seat belt does not stop you from driving. It reduces harm if something goes wrong. AI controls should work the same way. They let useful work continue, but with better protection.

## Example usage

A team may require human review before AI output is sent to customers. A company may keep an inventory of AI tools. A policy may say employees cannot paste confidential client data into unmanaged AI tools. Each is a control.

## How to use this

Do not start with a giant control library. Start with the top three risks in one use case. Add one practical control for each risk. Make sure someone owns it.

## Common mistake

The common mistake is writing controls that look good on paper but that nobody follows. A useful control is simple, visible, and tied to real work.

## Questions to ask

- **Risk link**: Which specific risk does this control reduce?
- **Owner**: Who makes sure the control happens?
- **Evidence**: How do we know the control was used?
- **Friction**: Is the control simple enough for people to follow?

## Quick quiz

What is an AI control?

## Flashcard

**Question:** What is a control?

**Answer:** A control is a practical safeguard that reduces a specific risk.
