Management testing for internal audit program
Many organizations start the control testing phase of the audit plan by asking process owners and controls owners to assess the risks and evaluate the internal controls before conducting the independent audit. This process, commonly referred to as the Control Self-Assessment (CSA), is defined by the Institute of Internal Auditors (IIA) as "A process through which internal control effectiveness is examined with the objective of providing reasonable assurance that all business objectives are met."
The assessment process can help auditors to improve the effectiveness of overall audit plan. Employees that manage the process and monitor related control activities have deeper knowledge of risks and controls. The auditors can facilitate the management self-assessment of the risks and controls within a business process without comprising the independence as long as the auditor maintains the management testing records as the evidence of the process, risks...
