Control Owners and their Delegates are responsible for assessing Controls to ensure the Control documentation meets their organization's needs. Controls are linked to a Risk then assigned to a Control Owner. All Controls that require actions from the Control Owner appear on the My Tasks page.
To Perform a Control Self-Assessment:
Log into a user account from the Control Owner and Delegate User Group to display the My Tasks page.
- Click a Control to open the Control form.
- Optional: Edit the Control Name or Description fields.
- Select a Control type option in the Automated Control dropdown.
- Select the frequency of the Control in the Frequency dropdown.
- Select the appropriate option to describe the Control in the Key Control dropdown.
- Select whether the Control is Preventive or Detective in the Prevent or Detect dropdown.
- Drag or browse for a file in the Supporting Attachments field. Files can be up to 100 MB in size. Most files types are accepted, however, you cannot upload files with the following extensions:
- .bat
- .exe
- .gif
- .sh
- .dll
- .com
- Click Add Existing Policies under the Policies table. Begin typing keywords in the search bar and click + Add next to the desired policy.
- Select an option that describes the effectiveness of the Control in the Control Self-Assessment dropdown.
- Optional: In the Issues & Actions section, click Add Existing Issues. Begin typing keywords in the search bar and click + Add next to the desired Issue.
- Click Submit for Review to return the Control to the Risk Team for review. If the Risk Team finds the Control requires further remediation, they may send it back to the Control Owner.