4 : Control & Self Assessment Flashcards
What is Control Self-Assessment (CSA)?
·
A technique that allows managers and work teams directly involved in business units, functions or processes to participate in assessing the organization’s risk management and control processes.
What teams should do
Team understands the business process, define the controls and generate an assessment of how well the controls are working
Objectives of CSA
1- To leverage the internal audit function by shifting some of the control monitoring responsibilities to the functional areas.
2- To concentrate on areas of high risk.
3- To enhance audit responsibilities (not replacement)
Benefits of CSA
1- Early detection of Risk
2-More effective and improved internal controls
3- Assurance provided to stakeholders and customers
Disadvantages of CSA
It could be mistaken as an audit function replacement
1-Purpose of CSA
2- Audito’s role in CSA
1- Enhance the audit responsibilities (and not audit replacement)
2- Facilitator
Success factor of CSA
Involvement of line management in control monitoring
Traditional Approach
Primary responsibility on analyzing and reporting on internal control and risk is assigned with the auditors
CSA Approach
Staff at all level are responsible for primary controls and risk analysis.
(1) An IS auditor is evaluating control self-assessment program in an organization. What is MAIN
objective for implementing control self-assessment (CSA) program?
A. To replace audit responsibilities
B. To enhance employee’s capabilities
C. To comply with regulatory requirements
D. To concentrates on high risk area
Answer: D. To concentrates on high risk area
Explanation: In any given scenario, objective of control self assessment is to concentrate on areas of
high risk. CSA involves education of line management in control responsibility and monitoring and concentration by all on areas of high risk. The objectives of CSA programs include the enhancement
of audit responsibilities, not replacement of audit responsibilities.
(2) An IS Auditor has been asked by the management to support its CSA program. The role of an IS
auditor in a control self-assessment (CSA) should be that of:
A. program incharge
B. program manager
C.program partner
D. program facilitator
Answer: D. program facilitator
Explanation:
Role of IS auditor is to facilitate the control self-assessment program. During a CSA workshop, they
should lead and guide the clients in assessing their risks and relevant controls. Choices A, B and C
should not be roles of the IS auditor. These roles are to be assumed by the client staff.
(3) For successful control self-assessment (CSA) program, it is essential to:
A. design stringent control policy
B. have auditors take responsibility for control monitoring
C. have line managers take responsibility for control monitoring
D. implement stringent control policy
Answer: C. have line managers take responsibility for control monitoring
Explanation:
One of the success factors for effective CSA program is involvement of line management in control
monitoring. The success of a control self-assessment (CSA) program depends on the degree to
which line managers assume responsibility for controls.
(4) An IS auditor has been asked to participate in implementation of control self-assessment
program. The auditor should participate primarily as a:
A. Team leader
B. The auditor should not participate as it would create a potential conflict of interest.
C. Facilitator
D. Project Controller
Answer: C. Facilitator
The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a facilitator.
During a CSA workshop, auditor should guide the clients in assessing their risks and relevant
controls. Choices A, B and D should not be roles of the IS auditor. These roles are to be assumed by
the client staff.
(5) An IS auditor has been asked to facilitate a control self-assessment (CSA) program. Which of
the following is an objective of a CSA program?
A. Replacement of audit responsibilities
B. Enhancement of audit responsibilities
C. To evaluate risk management program
D. To provide audit train
Answer: B. Enhancement of audit responsibilities
Explanation:
Following are the major objectives of CSA program:
(1) To concentrate on area of high risk
(2) To enhance audit responsibilities
Choice C & D are the means to achieve the CSA objectives
(6) Which of the following the BEST time to perform a control self-assessment involving all concerned parties?
A. post issuance of audit report
B. during preliminary survey
C. during compliance test
D. preparation of the audit report
Answer: B. during preliminary survey
Explanation:
Control self-assessment (CSA) is a technique that allows managers and work teams directly involved
in business units, functions or processes to participate in assessing the organization’s risk
management and control processes. Team understand the business process, define the controls
and generate an assessment of how well the controls are working. This is best achieved during
preliminary survey phase.
(7) Main objective of a control self-assessment (CSA) program is to:
A. substitute audit program
B. substitute risk management program
C. support regulatory requirements
D. enhance audit responsibilities
Answer: D. enhance audit responsibilities
Explanation:
An objective associated with a CSA program is the enhancement of audit responsibilities (not a
replacement). Process owner define the controls and generate an assessment of how well the
controls are working. This supports the audit objec
(8)A PRIMARY advantage of control self-assessment (CSA) techniques is that:
A. it ascertains high-risk areas that might need a detailed review later
B. risk can be assessed independently by IS auditors
C. it replaces audit activities
D. it allows management to delegate responsibility for control
Answer: A. it ascertains high-risk areas that might need a detailed review later
Explanation:
CSA helps to identify high risk area that need to be reviewed and controlled. Risk need to be
assessed jointly with business staff. CSA enhances audit responsibilities (and do not replaces audit
activities). Accountability for controls remains with management.
(9)IS auditor is facilitating a CSA program. Which of the following is the MOST important requirement for a successful CSA?
A. Ability of auditor to act as a workshop facilitator
B. Simplicity of the CSA program.
C. Frequency of CSA program.
D. Involvement of line managers
Answer: D. Involvement of line managers
Explanation:
Key to the success of a control self-assessment program is the support and involvement of the
management and staff responsible for the process being assessed. All other options are essential for
CSA to be successful, however in the absence of active involvement from those responsible, the
other choices will not result in a successful CSA.
(10) Which of the following is an objective of a control self-assessment (CSA) program?
A. Concentration on areas of high risk
B. Conducting training and workshop
C. To increase risk awareness
D. To replace risk management program.
Answer: A. Concentration on areas of high risk
Explanation:
In any given scenario, objective of control self assessment is to concentrate on areas of high risk and
to enhance control monitoring by functional staff.
The objectives of CSA programs include education for line management in control responsibility
and monitoring and concentration by all on areas of high risk.
(11)An organization has implemented CSA programme. What is the advantage of CSA over a traditional audit?
A. Early identification of risk
B.Reduction in audit workload
C.Increase in cost of control
B.Reduction in audit resources
Answer: A. Early identification of risk
Explanation:
Control self-assessment (CSA) is a technique that allows managers and work teams directly involved
in business units, functions or processes to participate in assessing the organization’s risk
management and control processes. Team understand the business process, define the controls
and generate an assessment of how well the controls are working. This helps in early identification
of risks.
