Control Self-Assessment Policy

This policy outlines a set of procedures for the control self-assessment process. Self-assessment is an organized means of using knowledge of those who are most familiar with a topic, such as processes/controls.

The intent of this document is to assist control owners, process owners and internal audit with implementing and executing the control self-assessment (CSA) process. It follows an 8-step testing approach: (1) Define the CSA control scope, (2) Build the test plan, (3) Execute testing, (4) Test QA/analyze test results, (5) Documentation and retention, (6) Close meeting, (7) Action plan management and remediation, and (8) Independent verification (internal audit only).