Which category of controls includes daily checks such as user rights reviews and background investigations?

The correct choice is administrative controls. This category encompasses policies, procedures, and practices that govern the actions of personnel in an organization. Daily checks like user rights reviews and background investigations fall under this category because they are focused on managing the human element of security. Administrative controls are integral for ensuring that employees have appropriate access to systems and that background checks are conducted to mitigate risks associated with personnel.

Understanding that operational risk controls typically involve processes and procedures specifically designed to manage risks associated with the day-to-day operations of an organization can clarify why they aren't the correct choice. Management controls, on the other hand, are broader and relate to the overall governance and oversight of policies, while technical risk controls refer to security measures implemented through technology, such as firewalls and encryption, which do not directly involve user reviews or background investigations.