Table of Contents
Control Self-Assessments are the core of Audit Foundry. Most frameworks specify the frequency with which controls must be executed and/or validated. For example, a requirement for quarterly privileged access reviews, would be met by controls that are validated at least quarterly. Audit Foundry generates new Controls Self-Assessments (CSAs) and sends notifications to the person in the role assigned to “Responsible” owner with a link to their User Dashboard. If no Responsible owner is assigned, the Accountable owner receives the notification. at the specified intervals. The CSA must be executed, and evidence attached prior to the end of that period, usually at the end of that month.
Stages of the CSA Process #
| # | Actor | Stage | Description |
| 1 | Control Owner (CO) | Assessment Pending | Initial CSA creation |
| 2 | Control Owner (CO) | Assessment In-Progress | CSA started but not completed |
| 3 | Control Owner (CO) | Assessment Overdue | CSA was not completed before the due date |
| 4 | CO > QA Reviewer (QA) | QA Review Pending | Assessor completes and submits the CSA |
| 5 | QA Reviewer | QA Review In-Progress | QA starts but does not complete assessment |
| 6 | QA > CO | Additional Info Required | QA returns CSA to CO for more information |
| 7 | QA Reviewer | QA Review Overdue | QA was not completed before the due date |
| 8 | QA > Risk Management | QA complete w/exception(s) | QA Review completed with issues |
| 9 | QA Reviewer | QA Review Completed | QA Review completed without issues |
