1.4 : Control & Self Assessment (Doshi) Flashcards
What is a Control Self-Assessment (CSA)?
·
A technique that allows managers and work teams directly involved in business units, functions or processes to participate in assessing the organization’s risk management and control processes.
What is important for teams to do during a CSA?
Team understands the business process, define the controls and generate an assessment of how well the controls are working
What are the (3) objectives of a CSA?
(1) To leverage the internal audit function by shifting some of the control monitoring responsibilities to the functional areas.
(2) To concentrate on areas of high risk.
(3) To enhance audit responsibilities (not replacement)
What are the benefits of a CSA?
1- Early detection of Risk
2-More effective and improved internal controls
3- Assurance provided to stakeholders and customers
What are the disadvantages of a CSA?
It could be mistaken as an audit function replacement
What is the purpose of CSA?
(1) Enhance the audit responsibilities (and not audit replacement)
Name the PRIMARY success factor of a CSA?
Involvement of line management in control monitoring
What is the traditional approach to assessment?
Primary responsibility on analyzing and reporting on internal control and risk is assigned with the auditors
What is the CSA approach?
Staff at all level are responsible for primary controls and risk analysis.
An IS auditor is evaluating control self-assessment program in an organization. What is MAIN objective for implementing control self-assessment (CSA) program?
A. To replace audit responsibilities
B. To enhance employee’s capabilities
C. To comply with regulatory requirements
D. To concentrates on high risk area
D. To concentrates on high risk area
Explanation: In any given scenario, objective of control self assessment is to concentrate on areas of
high risk. CSA involves education of line management in control responsibility and monitoring and concentration by all on areas of high risk. The objectives of CSA programs include the enhancement of audit responsibilities, not replacement of audit responsibilities.
An IS Auditor has been asked by the management to support its CSA program. The role of an IS auditor in a control self-assessment (CSA) should be that of:
A. program incharge
B. program manager
C.program partner
D. program facilitator
D. program facilitator
Role of IS auditor is to facilitate the control self assessment program. During a CSA workshop, they should lead and guide the clients in assessing their risks and relevant controls. Choices A, B and C should not be roles of the IS auditor. These roles are to be assumed by the client staff.
For successful control self-assessment (CSA) program, it is essential to:
A. design stringent control policy
B. have auditors take responsibility for control monitoring
C. have line managers take responsibility for control monitoring
D. implement stringent control policy
C. have line managers take responsibility for control monitoring
One of the success factors for effective CSA program is involvement of line management in control monitoring. The success of a control self-assessment (CSA) program depends on the degree to which line managers assume responsibility for controls.
An IS auditor has been asked to participate in implementation of control self-assessment program. The auditor should participate PRIMARILY as a:
A. Team leader
B. The auditor should not participate as it would create a potential conflict of interest.
C. Facilitator
D. Project Controller
C. Facilitator
The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a facilitator.
During a CSA workshop, auditor should guide the clients in assessing their risks and relevant controls. Choices A, B and D should not be roles of the IS auditor. These roles are to be assumed by the client staff.
An IS auditor has been asked to facilitate a control self-assessment (CSA) program. Which of the following is an MAIN objective of a CSA program?
A. Replacement of audit responsibilities
B. Enhancement of audit responsibilities
C. To evaluate risk management program
D. To provide audit train
B. Enhancement of audit responsibilities
Following are the major objectives of CSA program:
(1) To concentrate on area of high risk
(2) To enhance audit responsibilities
Choice C and D are the means to achieve the CSA objectives
Which of the following the BEST time to perform a control self-assessment involving all concerned parties?
A. post issuance of audit report
B. during preliminary survey
C. during compliance test
D. preparation of the audit report
B. during preliminary survey
Control self-assessment (CSA) is a technique that allows managers and work teams directly involved in business units, functions or processes to participate in assessing the organization’s risk management and control processes. Team understand the business process, define the controls and generate an assessment of how well the controls are working. This is best achieved during preliminary survey phase.
MAIN objective of a control self-assessment (CSA) program is to:
A. substitute audit program
B. substitute risk management program
C. support regulatory requirements
D. enhance audit responsibilities
D. enhance audit responsibilities
An objective associated with a CSA program is the enhancement of audit responsibilities (not a replacement). Process owner define the controls and generate an assessment of how well the controls are working. This supports the audit objec
A PRIMARY advantage of control self-assessment (CSA) techniques is that:
A. it ascertains high-risk areas that might need a detailed review later
B. risk can be assessed independently by IS auditors
C. it replaces audit activities
D. it allows management to delegate responsibility for control
A. it ascertains high-risk areas that might need a detailed review later
CSA helps to identify high risk area that need to be reviewed and controlled. Risk need to be assessed jointly with business staff. CSA enhances audit responsibilities (and do not replaces audit activities). Accountability for controls remains with management.
IS auditor is facilitating a CSA program. Which of the following is the MOST important requirement for a successful CSA?
A. Ability of auditor to act as a workshop facilitator
B. Simplicity of the CSA program.
C. Frequency of CSA program.
D. Involvement of line managers
D. Involvement of line managers
Key to the success of a control self-assessment program is the support and involvement of the management and staff responsible for the process being assessed. All other options are essential for CSA to be successful, however in the absence of active involvement from those responsible, the other choices will not result in a successful CSA.
Which of the following is an objective of a control self-assessment (CSA) program?
A. Concentration on areas of high risk
B. Conducting training and workshop
C. To increase risk awareness
D. To replace risk management program.
A. Concentration on areas of high risk
In any given scenario, objective of control self assessment is to concentrate on areas of high risk and
to enhance control monitoring by functional staff. The objectives of CSA programs include education for line management in control responsibility and monitoring and concentration by all on areas of high risk.
An organization has implemented CSA programme. What is the advantage of CSA over a traditional audit?
A. Early identification of risk
B.Reduction in audit workload
C.Increase in cost of control
B.Reduction in audit resources
A. Early identification of risk
Control self-assessment (CSA) is a technique that allows managers and work teams directly involved in business units, functions or processes to participate in assessing the organization’s risk management and control processes. Team understand the business process, define the controls and generate an assessment of how well the controls are working. This helps in early identification of risks.
What is the auditor’s role in CSA?
the facilitator
In any given scenario, objective of control self assessment is to
concentrate on areas of high risk and to enhance control monitoring by functional staff.
In any given scenario, role of an IS auditor in a control self-assessment (CSA) should be that
of facilitator.
In any given scenario, most important success factor for CSA is
involvement of line management.
In any given scenario, purpose of CSA is to
enhance the audit responsibilities (and not audit replacement).
