Definition of Control Self Assessment (CSA)

CONTROL SELF-ASSESSMENT (CSA) is a generic term that covers risk self--assessment (RSA), control and risk self-assessment (CRSA), and other processes whereby an organization's personnel evaluate their own risks and controls with the help of facilitators from the internal audit department. 

Assessments can be performed through a series of workshops or meetings or through questionnaires and can be applied to projects, processes, business units, and functions --basically any area of a company. Whatever format is used, the goal is the same: to help organizations assess the likelihood of achieving their business objectives by using the knowledge of the workers responsible for meeting them.

Self-assessment--whether it is called CSA, RSA, CRSA, or some other term--is a powerful way to gather audit information in the right circumstances. It is used when there is a need for soft control information, when the auditors want to educate others in risk-assessment techniques, and when the auditors are trying to solidify managements ownership of risks and controls. However, it is important to remember that self-assessments are verbal evidence, much like audit interviews, and must be tested when used to form internal auditing's overall opinion of an organization's internal control.

So, Control Self-Assessment (CSA) is a process by which departments, with assistance from Internal Audit, assess the adequacy of their internal controls and identify opportunities for improvement.

The CSA process involves two key components:  

• Department staff members play an active role in assessing their internal controls.  
• Department staff members are given the tools to conduct self-audits between Internal Audit visits.

Control Self-Assessment is effective in assessing the control environment, business and financial risk, control activities, and control effectiveness. Although CSA empowers operating personnel and enhances business partnering between Internal Audit and departmental personnel, it does not eliminate the need for a formal audit.

BENEFITS OF A CONTROL SELF-ASSESSMENT

• Empowers employees and increases accountability.
• Provides employees with a better understanding of business risks and internal controls.
• Identifies important issues faster.
• Can reduce audit time.
• Provides employees with a broader institutions-wide perspective
• Provides the tools to assess the control environment within a department between audits (self-assessment.)

HOW DO I PERFORM A CONTROL SELF-ASSESSMENT?

• Request the questionnaire form from the Office of Internal Audit 
• Complete the yes/no questions noted on the questionnaire.
• Identify the control risks/ramifications for "No Answers" on the questionnaire.
• Identify additional controls, which will reduce/eliminate the risks
• Contact Internal Audit if assistance is required.
• Implement the additional controls.