Which of the following describes the purpose of detective controls?

The purpose of detective controls is best described as identifying incidents after they have occurred. Detective controls are designed to detect and report any undesirable events, such as security breaches, fraud, or compliance failures, allowing organizations to respond and mitigate any potential impact. By monitoring, analyzing, and reviewing processes and systems, these controls provide insights into whether things are functioning as intended and highlight any issues that may require attention.

In contrast, other options serve different purposes. For example, minimizing the cost of internal audits relates to efficiency improvements rather than detection of incidents. Creating awareness about compliance requirements is more aligned with training and educational measures, focusing on preventing violations before they happen. Lastly, preventing risks from being introduced pertains to preventive controls, which aim to stop issues from occurring in the first place rather than identifying them post-event. Therefore, the correct description of detective controls focuses on their role in recognizing incidents after they happen, enabling organizations to respond appropriately.