Control Self-Assessment (CSA): A Practical Guide
CONTROL SELF-ASSESSMENT: A Practical Guide provides an overview of the control self-assessment (CSA) process. The guide is designed for auditors who are new to the concept as well as those studying for the CSA exam.
The author, Larry Hubbard, begins by defining CSA and the reasons an organization would implement the audit tool. He provides a high-level review of objectives, risks, and controls and their relationship to CSA.
The author discusses the three CSA formats -- workshops, questionnaires/surveys, and management-produced analysis -- to varying degrees. He provides guidance on the characteristics and appropriate use of objective-based, risk-based, and control-based -- or process-based -- workshops. Additionally, he gives practical advice on the facilitator's responsibilities during a workshop, including what should be explained to the group, what the facilitator should not do, questions the facilitator should be prepared to answer, and how to deal with different personalities. The author also discusses planning for the workshop and collecting and reporting CSA results. He concludes with a discussion on implementation strategies.
Hubbard provides an objective view of CSA as an audit tool. He explains situations where CSA's use would and would not be appropriate. For example, an organization's culture will impact the success of the CSA implementation. If an organization is endeavoring to empower its employees, CSA can support this shift. However, according to Hubbard, if an organization "remains in a command-and-control management style, CSA may have little impact." The guide includes a useful survey from CARDdecisions Inc. that helps readers assess the level of empowerment within their organization and select the right approach for implementing CSA.
Hubbard states that he favors the facilitated workshop format, and this bias is obvious given the coverage the topic receives in comparison to the other CSA formats. An entire chapter is devoted to a discussion of facilitating workshops, and the chapter on reporting CSA results is written from the perspective of the workshop format. As the workshop format is the most popular CSA approach, one would expect detailed coverage of the topic in any book on CSA; however, the lack of in-depth coverage of the other formats is disappointing. Discussion of the survey/questionnaire format is limited to a brief review of techniques for successful surveys and the advantages and disadvantages of the approach. The guide could use a more detailed discussion on these topics, as well as examples of reporting survey results and successful implementation of this approach.
The material is presented from the context of the author's own experience. Hubbard has discovered that every organization practices self-assessment differently and that there is no one best practice. Brief, illustrative examples of different organizations' experiences with CSA would have made for interesting reading.
Although, as the author acknowledges, the guide is not an in-depth study of the six domains of the CSA exam, it does serve as a good summary for those studying for it. References to other sources of information are provided for the reader who requires a more detailed review of topics, such as objectives, risks, and control theory.
The guide is concisely written, and the liberal use of bulleted lists, tables, and diagrams makes it easy to read. Despite a few minor flaws, the guide meets its stated objectives. The author provides the reader with considerable information, suggestions, and insights into the CSA process.
Lynne Turner, CIA, CISA, is a principal consultant with Internal Audit & Control Service, an audit and risk management consulting firm based in Toronto, Canada.