Control owners and their delegates are responsible for reviewing controls to ensure the control documentation meets their organization's needs. Controls are assigned to a requirement, which is then assigned to the Control Owner. All controls that require action from the Control Owner appear on the My Tasks page.
To review a control:
- Log into a user account that's been added to the Control Owner & Delegate user group to display the My Tasks page.
- Click a control to open the Control Assessment form.
- Optional: Edit the Control Name or Description fields.
- Select a control automation option in the Automated Control dropdown.
- Select the frequency of the control in the Frequency dropdown.
- Select the appropriate option to describe the control in the Key Control dropdown.
- Select whether the control is Preventive or Detective in the Prevent or Detect dropdown.
- Drag or browse for a file in the Supporting Attachments field. Files can be up to 100 MB in size. Most files types are accepted, however, you cannot upload files with the following extensions:
- Click Add Existing Policies under the Policies table. Begin typing keywords in the search bar and click + Add next to the desired policy.
- Select an option that describes the effectiveness of the control in the Control Self Assessment dropdown.
- Optional: In the Issues and Corrective Actions section, click Add Existing Issues. Begin typing keywords in the search bar and click + Add next to the desired issue.
- Click Submit for Review to return the control to the risk team for review. If the risk team finds the control requires further remediation, they may send it back to the control owner.