HOPEX IT Risk Management : HOPEX IT Risk Management : Using HOPEX IT Risk Management : Managing IT Compliance : Direct Control Assessment
   
Direct Control Assessment
The IT RM Manager can assess controls directly and thus determine their compliance with regulations. This is an "expert view" assessment.
Assessing controls directly
To directly assess the controls deployed on applications:
1. In the properties of a control, select the Control Assessment page.
2. Click the Evaluate button.
The list of applications connected to this control appears.
3. Qualify the Design of the control
adequate
inadequate
4. Qualify the Effectiveness of the control
effective
ineffective
5. If required, modify the Measurement Date and click OK.
*By default the measure date is today's date. You can select a date earlier than today's date.
The Control Level is automatically calculated from the specified characteristics.
*Control level characterizes efficiency level of control elements deployed (controls) to assess the risk.
*The control level shows "Pass" if the control is considered to be both:
effective
adequate
Template used to assess controls
 
Assessment template
Assessed object
Context
Mode
Assessed characteristics
Assessor
Assessment of controls by application
Control
Application connected to the control
direct or by campaign
- Design
- Effectiveness
 
- IT RM Manager (direct)
- Control owners (campaigns)
 
*This assessment model is also used when assessing controls via campaigns.