Control Self-Assessment in Internal Audit

29.05.20 08:24 PM By Cal Webb III

Even though Larry Hubbard published his book entitled Control Self-Assessment: A Practical Guide around 15 years ago (2005), the material is still relevant today for internal audit teams or departments in a value driven world. On the first page of the first chapter (pg. 1), Mr. Hubbard notes that the Control Self-Assessment’s (CSA) goal is “…to help organizations assess the likelihood of achieving their objectives by utilizing the knowledge of the workers who are actually responsible for meeting those objectives. CSA is a proactive process that encourages work teams to both assess and make recommendations for improvement to increase the change of meeting objectives.”  Most of business, and life for that matter, is about balance. Too much of any one thing can be detrimental to effectiveness. Internal audit is not different. As internal auditors, our independence and objectivity matter; however, using our role and knowledge to help the organization meet objectives effectively should also be a major goal of a successful department. CSA is a version of “consultative” services that can he offered by internal audit teams under the right circumstances. Mr. Hubbard elaborates on the frequency CSAs are utilized in departments by saying that “most departments using CSA say it is at most 30 to 40 percent of their auditing effort, but certainly not 100%” (pg. 10). When faced with potential projects that require discernment on the best way to add value to a client or organization, Gradient has learned to process through values based questions to help perform projects in the most effective way possible including the use of traditional internal audit techniques, data analysis, and control self-assessments. When determining if a CSA approach or similar consultative service would be appropriate, Gradient normally asks some of the following questions, which are similar to some of the items presented by Mr. Hubbard (pg. 11):

· Is it a new process or is there a new individual in-charge of the process?

· Are the current internal controls, policies, and procedures well documented?

· What’s the average experience and tenure of the team involved in the process?

· Are there any circumstances that would warrant an “independent” internal audit approach?

· What’s the fraud risk in the area?

· What the status of the culture and willingness to change or improve?

· If an option, what’s the most effective way to add value and improve the organization?

Cal Webb III