Control self-assessment

rdf:langString Control self-assessment

rdf:langString Control self-assessment is a technique developed in 1987 that is used by a range of organisations including corporations, charities and government departments, to assess the effectiveness of their risk management and control processes. A "control process" is a check or process performed to reduce or eliminate the risk of error. Since its introduction the technique has been widely adopted in the United States, European Union and other countries. There are a number of ways a control self-assessment can be implemented but its key feature is that, in contrast to a traditional audit, the tests and checks are made by staff whose normal day-to-day responsibilities are within the business unit being assessed. A self-assessment, by identifying the higher risk processes within the organisation, allows internal auditors to plan their work more effectively. A number of governmental organisations require the use of control self-assessment. In the United States it is a requirement of the FFIEC that control self-assessments are performed on IT systems and operational processes on a regular basis. Benefits claimed for control self-assessment include creating a clear line of accountability for controls, reducing the risk of fraud and the creation of an organisation with a lower risk profile. In certain circumstances control self-assessment is not always effective. For example, it can be difficult to implement in a decentralised environment, in organisations where there is high employee turnover, where the organisation goes through frequent change or where the senior management of the organisation does not foster a culture of open communication.