Control self Assessment

aper instructions:
CSA by Any Name

According to the article, CSA by Any Name, control self-assessment, or CSA, “is a generic term that covers risk self-assessment (RSA), control and risk self-assessment (CRSA), and other processes whereby an organization’s personnel evaluate their own risks and controls with the help of facilitators from the internal audit department” (Hubbard, 2002). CSA workshops can last between two to four hours and generally include between ten to fifteen work-team members (Hubbard, 2002). The workshops are designed as question and answer type sessions and the facilitators help to organize questions that address or focus on risks and processes within job functions or the organization. The CSA workshops can be further organized into different formats that focus on risks, processes, or even soft controls (Hubbard, 2002).
Organizations utilize control self-assessment workshops with the participation of the employees to assess the risks and controls within the company. The control self-assessments are an evaluation of the controls by its employees that are currently being practiced. This type of employee involvement and risk assessment ensures the internal auditors’ assessment of an organization’s internal controls as well as possible weaknesses within an organization. CSAs can be utilized to help identify potential risks before the occurrence of potential fraud.
Internal auditors utilize CSA workshops and questionnaires to analyze the results and feedback against its own assessment of risks and weaknesses within an organization. The results can help to identify areas of potential risks ranging from strong to soft controls, especially since it involves the employees who perform duties in specific areas and the feedback are from employees’ perspectives and points of views. Since employees regularly perform tasks in specific areas, they would have more experience in performing tasks and would be able to explain their daily processes, which may help in identifying possible weaknesses and risks within an organization’s internal controls. Utilizing CSA workshops can benefit an organization since it engages all the employees and provides feedback from multiple users of the processes and systems within the organization.
Systems Development Audits
In the article, Systems Development Audits, it states that “control self-assessment (CSA) workshops have proven an effective means of scanning organizations for internal control weaknesses and are well-suited to the dynamics of systems projects” (McQuay, 2005). Due to regulations and compliance requirements, more attention has been seen regarding control issues, including IT related issues. “Only 16 percent of technology projects are completed on time and on budget, and cost overruns average 189 percent of original estimates” (McQuay, 2005). “Moreover, systems projects often use new technologies that are beyond the auditors’ range of expertise” (McQuay, 2005). Internal auditors are being relied upon more “to support their control assertions, and systems assessments can form an integral part of that support” (McQuay, 2005). The utilization of CSA workshops are especially beneficial for systems under development since employees will be using the system to perform specific job functions.
The CSA workshop facilitators can structure the workshops with questions or polling formats with “participation by those closest to the issues” (McQuay, 2005). “Evaluations typically involve four main steps: selecting the target project, developing questions and anticipating responses, facilitating the workshop, and assessing risks and reporting them to management” (McQuay, 2005). “[…] for each question and answer, auditors should assess risks to the project under review, as well as any risks the finished product may pose to the company” (McQuay, 2005). The responses can then be used as evaluations against the developing systems to help mitigate risks and strengthen internal controls of specific areas within the developing systems. Additionally, CSA workshops can also be used to evaluate inefficiencies within the developing program. The organization can also use the responses from the workshops to help “ensure that system design provides for adequate operational controls” (McQuay, 2005).

Sarbanes-Oxley Act of 2002
Section 404

In Section 404 of the Sarbanes-Oxley Act, it states that the management in public companies must assess the effectiveness of the internal controls of the issuers of financial reports. Public companies are required to file a report regarding the internal controls with the annual financials, confirm that the responsibilities of adequate internal controls and procedures are maintained by management, internal controls are effective and maintained by management, and include a report on how the management within an organization conducted required evaluations regarding internal controls.
The utilization of workshops for control self-assessments are an effective avenue to assess the internal controls and processes within an organization through employee participation, which can then be compared and analyzed against the internal auditors’ assessment of the organization’s controls. The CSA can serve as an effective tool that companies can utilize to evaluate the internal controls and processes within an organization. The CSA can be used to review specific functions within an organization as well as IT processes within the organization’s computer and accounting systems. The use of CSA workshops is also an effective tool that organizations can utilize to help maintain compliance with the Sarbanes-Oxley Act and requirements.

Franklin University. (2014). Sarbanes-oxley act of 2002. Retrieved on November 15, 2014, from

Hubbard, Larry D. (2002). CSA by any name. Internal auditor. Retrieved on November 18, 2014, from

McQuay, Paul. (2005). Systems development audits. Retrieved on November 18, 2014 from

Get a 10% discount on an order above $50
Use the following coupon code :DUE