Control self assessment (csa)

Control Self-Assessment (CSA)
Prepared by; Anchalee S.Wanichkul © 2014

Contents
• Why do CSA?
• How to do CSA?
• CSA Format
• CSA Benefits
• Things to concerns

Why do CSA?
• CSA allows managers and work teams directly involved in business units,
functions or processes to participate in assessing the organization’s risk
management and control processes.
• CSA help management to clarify business objectives and to identify and deal
with the risks to achieving those objectives.
• Continuous assurance that the internal controls, regulatory requirements,
policies and procedures are being followed in every corner and at every level
of the business.
• CSA operates by employees (not the auditors) to self-evaluate the controls
or processes. The employees have wealth of information about internal
controls and fraud (if it exists).
• The organization is much bigger than can be reviewed by a single group of
people, even using a risk-based approach. CSA could help cover more areas
with fewer people.
• Etc.

CSA Format
• Risk based;
“Focus on identifying the risks in achieving business objectives, then
identify the controls in place to manage the key risks.”
• Objective based;
“Focus on ways currently used to accomplish a given objective, then
identify the risks that still remain (the residual risks) to achieving the
objective.”
• Control based;
“Focus on how well the controls already in place are working. This format
may use a specific control framework such as COSO to identify the
controls in place.”
• Process based;
“Examine a process from beginning to end and identify the strengths and
weaknesses of each process step.”
• Departmental based;
“Examine the overall situation of dept. and identify the things that help the
dept. function well.”

How to do CSA?
Define
Processes
Risk
Identification
Risk
Assessment
Control
Identification
Control
Assessment
Action Plan
Creation
Improvement
1 2 3 4 5 6

How to do CSA?
1) Understand processes/activities
2) Prepared the questionnaire or checklist
3) Risk identification and Risk assessment
4) Control identification and Control assessment
• Existing controls (effectiveness?)
• Additional Controls (need establish?)
5) Action plan creation
“CSA should be performed at least once half-yearly
to follow up the point to develop and subsequent risk
assessment.”

CSA Benefits
• CSA helps staff all levels to more understand and assume
responsibility for effective control and risk management by
involving them in assessment process.
• Corrective action is more effective because participants “own” the
results.
• Workshops improve communication at all levels, particularly
between managers and work teams.
• CSA increases the awareness and understanding of the
organizational objectives.
• CSA can quickly focus on high-risk issues and concentrate efforts
there.
• CSA can provide an assessment of soft or collaborative controls
which are difficult to assess with traditional auditing.

Things to concerns
• People are generally resistant to change.
• Someone view CSA as simply a shift of work a way for internal audit
to get line employees to do audit’s job.
• The results may not be accurate because the participants were not
knowledgeable, open and honest.
• Facilitators may not be as experienced in the areas of discussion in
CSA workshops.
• Etc.
“CSA is more difficult if work teams will not be opens and candid.”

Reference List
• A Discussion on Control-Self Assessment, KPMG, 15 May 2012
• Control Self-Assessment: Facilitation Skills Participant Guide,
Appendix A, IIA, Inc. Altamonte Springs, FL, 2009

Control self assessment (csa)

More Related Content

What's hot

Viewers also liked

Recently uploaded

Control self assessment (csa)