Regular auditing is predominantly a detective control because it helps in identifying unauthorized access or policy violations after they have taken place, by reviewing and examining access permissions and rights. While auditing may help in preventing incidents indirectly by identifying weaknesses, its primary function is not to prevent but to detect issues. Preventive controls, like access control mechanisms, are designed to stop unauthorized actions before they occur. Therefore, the statement is incorrect because the primary purpose of regular auditing is to detect, not prevent.