What is a Control Self-Assessment? How does it differ from an audit?A Control Self-Assessment (CSA) is a “line of business” offered by the UT Internal Audit Department, and is defined as a process by which a department examines and improves existing internal controls and/or implements new internal controls to mitigate risks associated with a process or function. The CSA process entails documentation of the process or function, identification of all risks related to that process or function, and identification and evaluation of all internal controls that should be in place to mitigate the risks to an acceptable level. Each CSA will have its own goals and objectives; however, every CSA will also have the following three global objectives:
• Communication and understanding of each department’s roles and responsibilities within the selected process or function, including the roles and responsibilities of each individual that is part of the process or function.
• Determination of acceptable levels of risk.
• Determination of the correct cost-benefit trade-off for establishing new internal controls.
A CSA differs from an internal audit in that the direction of a CSA is determined by operating department management; the direction of an internal audit is determined by Internal Audit department management. Also, a typical internal audit includes testing of transactions to determine whether internal controls are operating as expected – a CSA typically does not include transaction testing within its scope of work.