
Self-assessment is a recognized best practice that has been applied to risks and controls for many years. When systematically applied across the organization at the entity and process levels, self-assessment is a pre-determined approach where individuals self-review or self-audit the controls they are responsible for and communicate the results to appropriate management.
This guide is designed to assist control owners, process owners and internal audit with implementing and executing the a self-assessment process focused on IT controls. Topics covered in this training guide include:
- How self-assessment should be deployed
- Conduct an IT self-assessment survey
- Scoping
- Testing schedule
- Exceptions
- Testing review
- Action plan management and remediation
- Independent verification
- Document retention