We consider the problem of designing self-checking controllers for applications with sequential datapaths. Firstly we compare encoded and unencoded (one-hot) controller implementations and we argue that self-checking of encoded control signals is not sufficient in terms of testability. Subsequently, we present four alternative controller self-checking schemes, based both on parity and on the observation that a self-checking data path can be employed for control path self-checking as well, by exploiting Intrinsically Secure control states.