HOPEX V5 EN

HOPEX IRM > HOPEX Internal Control > Assessing controls > Pre-requisites to Control Assessment > Control Assessment by Entity

Control Assessment by Entity

The template “Control Assessment” enables to assess control in the context of entities and business/organizational processes based on the following criteria:

• Design

• Effectiveness

Assessment contexts

Controls are assessed in the context of entities, processes and operations.

Prerequisites

Before starting control assessment, you must first prepare the work environment.

Check that you have:

• connected controls to processes (indirectly via risks, or directly)

• connected processes to the organization entities (directly or indirectly via the parent process)

See Contextualizing Controls.

• defined respondents.

See:

• Pre-requisites to Control Assessment

• Specifying respondents

• specified an e-mail for each respondent.

Respondent definition logics

Respondents to control-related questionnaires can be defined on:

• entities

• controls connected to entities (via a risk or indirectly via the parent process)

• controls connected to processes (via a risk or directly)

See also Contextualizing Controls.

Hereafter the logical order used to compute respondents on controls:

The control respondent is computed in the following order:

1. A control responsible located on an entity

2. A control responsible without any localization

3. A control assessor on a process with localization

4. A control assessor on a process with localization

5. A control assessor on an entity

Specifying respondents

To specify respondents, see:

• Specifying control responsible users.

• Specifying process responsibilities

• Specifying responsibilities within an entity