Control Direct Assessment
Hopex GRC enables assessment of controls in terms of design and efficiency:
You can assess controls:
• Directly
• Through questionnaires sent to identified recipients.
For assessment by questionnaire, see Assessment Campaigns.See also: Pre-requisites to Control Assessment.Direct Assessment Context
In direct assessment, the values of the control characteristics can be specified in two ways:
• in the properties of each control: Assessing a Control.
• globally: Assessing Multiple Controls Simultaneously
This is an "expert view" assessment.
You can assess controls for which you have editing rights. Direct assessment is carried out for all context objects available in the the Scope section of control characteristics:
For more details on control contextualization see also Contextualizing Controls.Assessing a Control
Before assessing a control, you need to ensure it has been contextualized in an appropriate way. For more details, see Contextualizing Controls.To directly assess a control:
1. Open the properties of a control.
2. Select the Assessment page then click Perform Assessment.
If the control has not been properly contextualized, a warning is displayed (a control must be connected to a process, in turn connected to an entity).3. In the wizard that appears, select the context(s) to be included in the control assessment.
4. Click Next.
You can now select values that characterize this control (contextualized) in terms of:
• design
• effectiveness
Other questions can be asked if your administrator has configured the questionnaire supplied as standard.5. In the Control Design and Effectiveness fields, indicate whether the control is:
• Pass
• Fail
Values are applied to all previously selected assessment nodes.6. Specify the measure date in the calendar.
By default this is today's date. You can select a date earlier than today's date.
7. Click OK.
Control measures are created for each assessment node (ie. the control in a particular context).
You can create several measures on different dates in the same way.
Assessing Multiple Controls Simultaneously
If you have to assess several controls, it can be quicker to use multiple assessment. This features allows you to specify the same value for several assessment nodes of different controls.
An assessment node comprises:• an object to assess
• one or several context objects (entities, processes, operations), if necessary
To assess multiple controls simultaneously:
1. In the navigation bar, click Assessment > Direct Assessment > Control Multiple Assessment.
2. Click New Assessment.
3. In the window that appears, select the assessment template:
• “Control assessment”
• "Control Assessment by Entity and Regulatory Framework"
For more details, see Controls Assessment Templates.4. Select the context objects of interest.
If you chose the “Control assessment” template, a tree appears. A control is assessed in the context of elements of the branch from the control up to the root. Information is given in columns to help you select the controls to assess.
In the above example, if you select the "Payment" process, all controls and context objects located at a lower level are selected, as well as all parent context objects up to the tree root.
If you deselect a node of a branch, only the child elements of this branch are deselected.5. Click Next.
A summary of the assessment appears, enabling you to have an overview of the objects you are going to assess.
6. Click OK.
The list of controls to be assessed in a particular context appears.
7. Enter the control Design and Effectiveness quality level:
• Operational
• Unsatisfactory
8. After answering questions, click OK.
You can also choose to close the questionnaire to come back to it and resume the assessment later on.Assessments are created in the Assessment page of the control properties. For more details, see Displaying the Results of Control Assessment.