Control Self-Assessment



Control Self-Assessment (CSA) is a technology that was originally developed by Gulf Canada in 1987. In March 2000, the European Commission adopted a White Paper CSA. In the US, the Sarbanes-Oxley law was implemented in 2007, section 404 of the Act requires companies to implement top-down risk assessment required CSA. In the UK in 2011, the Financial Services Authority (now Financial Conduct Authority) recognized in its proposals for the improvement of operational risk management assessment of risk through self-control can be an important way to identify risks. Today, a wide range of sources including the private sector, voluntary sector (charities) and public bodies use the CSA to assess the effectiveness of risk management and control processes.

The Institute of Internal Auditors run courses, workshops and offer certification in Control Self-Assessment (CCSA).

The Information Systems Audit and Control Association (ISACA) created a framework called CobiT (Control Objectives for Information and related Technology). Control Self-Assessment within the Control Objective ME2.4 Cobi is.

What is the Control Self-Assessment

CSA’s management techniques that can be used to ensure key stakeholders, both internal and external, internal control of the company is reliable . CSA allows managers and work teams directly involved in the business units, functions or processes to participate in evaluating the company’s risk management and control processes. CSA can achieve the objectives, risks, controls and processes.

CSA is a sustainable process where management confirms the operating effectiveness of internal controls of the test. Each process owner and functional control owner within the company performs efficiency tests to verify that key controls are operating effectively.

Each process owner develops test specifications for each key management and controls his team to perform tests given throughout the year. This allows management to confirm that these controls are working effectively. A CSA program expands the role of the management of only the assessment of the design of internal controls to test and verify the effectiveness of internal controls of the year.

Benefits of CSA Program

Effective CSA program can deliver a number of benefits including:

• Creation of a clear line of responsibility for internal control;

• To minimize the risk of fraud

• Creation of better monitoring of the environment resulting in lower risks for the company;

• Sustainability compliance program management

• Reduction of regulatory compliance costs

CSA Program

The first step in the CSA program is inventory control business processes with the aim to identify appropriate ways to measure or test each command. The actual test of the monitoring is performed by staff who day to day role is within the area of ​​the company that is being evaluated as they have the most knowledge of how processes work. The common methods of assessment are:

• Internal Control Questionnaire (ICQ) or destinations Survey questionnaires

• Interview Techniques

• Control model courses or Interactive Courses

Some companies choose a combination of methods that suits their activities to implement an effective CSA program. On completion of the evaluation, each control can be rated based on the responses received to determine the probability of failure and the effects of failure occurred. These ratings can be summarized to produce a risk matrix shows potential areas of vulnerability.

All CSA program are key steps to define the nature and scope of the CSA program the company roll out schedule, performing the first round of testing and review, and then incorporate the lessons learned before you go through the process again.


parties have different drivers that will enhance the internal control environment such rules, change in ownership, change in management practice major ERP systems or simply want stronger internal controls to improve efficiency. What the driver is, to implement the CSA program should be considered. By implementing efficient CSA program module can embed internal control responsibility deep in the company, ensuring the sustainability of the internal control compliance efforts, and ultimately reduce the cost of overall compliance efforts. In other words, effective CSA program will drive a much better internal control environment, giving assurance of all major stakeholders, internal and external alike, to control the company’s operating effectively.


Leave a Reply

Your email address will not be published. Required fields are marked *