The Risk Echo
CONTROL SELF-ASSESSMENT (CSA): A CRITICAL TOOL FOR CONTROL ASSURANCE
C
ontrol assurance is a critical element of an effective risk management framework that helps provide organizations with objective evidence that controls have been designed, and are operating effectively within the risk tolerances set by the board.
ADOLF BAGUMA KAIJA Operational Risk Manager, MBA,CPA,BCOM,CERM
Control assurance supports the organization to ensure that strategic, tactical and operational risks are effectively managed across the entire organizational value chain.
The control self-assessment technique is a business practice that helps organtions identify and appraise significant risks inherent within the organization's processes or activities on a day-to-day basis, in contrast to the traditional audit, which is done periodically. A number of organizations, including the National Social Security Fund, have since adopted and implemented this model as part of an integrated control assurance framework, where, maximum assurance could be attained by involving every body across the organization. In contrast to the traditional auditing techniques, the CSA framework seeks to encourage staff, whose day-to-day responsibilities are within the
14
Typically, control assurance activities have, over the years, been a preserve of the audit function across many organizations. It has, however, been long argued that auditing cannot provide absolute assurance because an audit is usually done on a sample basis- the auditor does not check everything, among other reasons. Therefore, the audit, even if conducted in accordance with generally accepted auditing standards, may not detect certain misstatements.
business unit being considered, to evaluate the adequacy and effectiveness of controls associated with the risks within their areas of operation. Creating Awareness Communication of Results & Remedial actions
Risk profiling
Control SelfAssessment
Control Rating Validation of Results
CSA Structure
CSA & Programme Execution
Dissatisfied with the level of effectiveness of audits conducted at the end of specified business cycles, in 1987, Gulf Canada developed a new technique of evaluating controls by the process-owners, which they called Control self-assessment (CSA).
Benefits of Control Self-Assessment Although the real or perceived benefits of the CSA technique may vary among organizations, it goes without saying that organizations could enjoy several benefits from the model, if well implemented, such as the ones explained below: a) Control self-assessment creates a clear line of accountability for controls, reduces the risk of fraud by examining data that may flag unusual patterns of transactions, and results in an organization with a lower risk profile. b) The CSA model works as a precursor for internal and external audits, which are generally conducted at the end of the activity implementation.
