Control Self-Assessment Overview

Table of Contents

Control Self-Assessments are the core of Audit Foundry. Most frameworks specify the frequency with which controls must be executed and/or validated. For example, a requirement for quarterly privileged access reviews, would be met by controls that are validated at least quarterly. Audit Foundry generates new Controls Self-Assessments (CSAs) and sends notifications to the person in the role assigned to “Responsible” owner with a link to their User Dashboard. If no Responsible owner is assigned, the Accountable owner receives the notification.  at the specified intervals. The CSA must be executed, and evidence attached prior to the end of that period, usually at the end of that month.

CSA Process Overview

Stages of the CSA Process #

1Control Owner (CO)Assessment PendingInitial CSA creation
2Control Owner (CO)Assessment In-ProgressCSA started but not completed
3Control Owner (CO)Assessment OverdueCSA was not completed before the due date
4CO > QA Reviewer (QA)QA Review PendingAssessor completes and submits the CSA
5QA ReviewerQA Review In-ProgressQA starts but does not complete assessment
6QA > COAdditional Info RequiredQA returns CSA to CO for more information
7QA ReviewerQA Review OverdueQA was not completed before the due date
8QA > Risk ManagementQA complete w/exception(s)QA Review completed with issues
9QA ReviewerQA Review CompletedQA Review completed without issues
CSA Stages

Powered by BetterDocs