A control self-assessment is a technique used to facilitate early identification of emerging or changing risks in order to more effectively manage compliance requirements. This sample process slow provides a high-level overview of the control self-assessment process, focusing on identifying inherent risks, developing surveys, and action/test plans for identified gaps requiring remediation. Introducing a self-assessment process into your organization’s risk management plan can be instrumental in establishing and maintaining a compliance process, which provides management with the real-time information necessary to focus on identifying issues and solving problems.
Some additional steps outlined in this process include:
This document should be used as a general guide to understand and review this business process. Organizations should customize this tool to ensure that it reflects their business operations and continuously monitor the process to ensure that the steps described are accurate.
- Survey is deployed to and completed by process owner
- Self-assessment tool generates test plan based on survey responses
- Control owner addresses action plans
- Tester customizes test plan, executes test, and documents results
- PO's supervisor completes the control effectiveness evaluation