HOPEX Aquila EN

GRC - Governance, Risk & Compliance > HOPEX Internal Control > Assessing Controls > Pre-requisites to Control Assessment > Control Assessment by Entity

Control Assessment by Entity

The “Control Assessment” template enables to assess control in the context of entities and process categories/processes based on the following criteria:

• Design

• Effectiveness

Assessment contexts

Controls are assessed in the context of entities, Of processes, processes and operations.

Prerequisites

Before starting control assessment, you must first prepare the work environment.

Check that you have:

• connected controls to process categories and processes (indirectly via risks, or directly)

• connected process categories and processes to the organization entities (directly or indirectly via the process category)

See Contextualizing Controls.

• defined respondents.

See:

• Pre-requisites to Control Assessment

• Specifying respondents

• specified an e-mail for each respondent.

Respondent definition logics

Respondents to control-related questionnaires can be defined on:

• entities

• controls connected to entities (via a risk or indirectly via the parent process)

• controls connected to processes (via a risk or directly)

See also Contextualizing Controls.

Hereafter the logical order used to compute respondents on controls:

The control respondent is computed in the following order:

1. A control responsible located on an entity

2. A control responsible without any localization

3. A control assessor on a process with localization

4. A control assessor on a process with localization

5. A control assessor on an entity

Specifying respondents

To specify respondents, see:

• Specifying control responsible users.

• Specifying responsibilities

• Specifying responsibilities within an entity