Background
Control Self Assessment [CSA] is a technique originally developed by the Canadian Gulf Company in 1987. In March 2000, the European Commission approved a white paper on CSA. In the United States, with the implementation of the Sarbanes-Oxley Act in 2007, Section 404 of the Act requires companies to conduct top-down risk assessments, which require CSA. In the UK in 2011, the Financial Services Authority [now the Financial Conduct Authority] recognized in its recommendations for improving operational risk management that control self-assessment may be an important means of identifying risks. Today, a wide range of entities, including private sector companies, voluntary agencies [charities] and public sector entities, use CSA to assess the effectiveness of their risk management and control processes.
The Institute of Internal Auditors offers courses, seminars and the Certification in Control Self-Assessment [CCSA].
The Information Systems Audit and Control Association [ISACA] created a framework called COBIT [Control Objectives for Information and Related Technologies]. Control self-assessment is included in COBIT as control objective ME2.4.
What is control self-assessment
CSA is a management technique that can be used to assure internal and external stakeholders that the company's internal control systems are reliable. CSA directly involves business units, functions or process managers and work teams in assessing the company's risk management and control processes. CSA can cover goals, risks, controls and processes.
CSA is a sustainable process in which management verifies the effectiveness of its internal controls through testing. Each process owner and function control owner within the company performs a validity test to verify that the key control is functioning effectively.
Each process owner develops test scripts for each key control and has their team perform the given tests throughout the year. This allows management to verify that these controls are valid. A CSA program extends the role of operations management from evaluating the design of its internal controls to testing and validating their effectiveness throughout the year.
Benefits of the CSA program
An effective CSA program can bring many benefits, including:
• Develop clear accountability for internal controls;
• Minimize the risk of fraud;
• Create an improved control environment that reduces the company's risk;
• Sustainability of management and compliance programs;
• Reduce regulatory compliance costs.
CSA plan
The first step in any CSA program is to document the company's control process in order to determine the appropriate method for measuring or testing each control. The actual testing of the controls is performed by the employees whose daily roles lie in the area of the company being evaluated, because they know best how the process works. Common techniques for performing an assessment are:
• Internal Control Questionnaire [ICQ] or Custom Questionnaire
• Interview skills
• Control model seminars or interactive workshops
Some companies choose a combination of methods appropriate to their operations to implement an effective CSA program. After the assessment is completed, each control can be rated based on the response received to determine the likelihood of its failure and the impact of the failure. These ratings can be summarized to produce a risk matrix that shows potentially vulnerable areas.
In any CSA program, the key steps are to determine the nature and scope of the company's CSA program, launch a plan, perform the first round of testing and review, and then learn from the process before completing the entire process.
In conclusion
Entities have different drivers for wanting to strengthen their internal control environments, such as regulatory requirements, ownership changes, senior management changes, implementation of major ERP systems, or simply a desire for stronger internal controls to increase efficiency. Regardless of the driver, you should consider implementing a CSA plan. By implementing an effective CSA program, the entity can push responsibility for internal control deeper into the company, ensuring the sustainability of internal control compliance efforts and ultimately reducing the cost of overall compliance efforts. In other words, an effective CSA program will drive a greatly improved internal control environment and give all internal and external stakeholders assurance that it operates effectively.