Monitor and Evaluate Internal Control
Monitor and Evaluate Internal Control
Establishing an effective internal control program for IT requires a well-defined monitoring process. This process includes the monitoring and reporting of control exceptions, results of self-assessments and third-party reviews. A key benefit of internal control monitoring is to provide assurance regarding effective and efficient operations and compliance with applicable laws and regulations.
Monitoring of Internal Control Framework
Monitoring of Internal Control Framework
Continuously monitor, benchmark and improve the IT control environment and control framework to meet organizational objectives.
There are no PSGs published for this topic; however, the topic is under review for future PSGs
Supervisory Review
Supervisory Review
Monitor and evaluate the efficiency and effectiveness of internal IT managerial review controls.
There are no PSGs published for this topic; however, the topic is under review for future PSGs
Control Exceptions
Control Exceptions
Identify control exceptions, and analyze and identify their underlying root causes. Escalate control exceptions and report to stakeholders appropriately. Institute necessary corrective action.
There are no PSGs published for this topic; however, the topic is under review for future PSGs
Control Self-assessment
Control Self-assessment
Evaluate the completeness and effectiveness of management’s control over IT processes, policies and contracts through a continuing program of self-assessment.
There are no PSGs published for this topic; however, the topic is under review for future PSGs
Assurance of Internal Control
Assurance of Internal Control
Obtain, as needed, further assurance of the completeness and effectiveness of internal controls through third-party reviews.
There are no PSGs published for this topic; however, the topic is under review for future PSGs
Internal Control at Third Parties
Internal Control at Third Parties
Assess the status of external service providers’ internal controls. Confirm that external service providers comply with legal and regulatory requirements and contractual obligations.
There are no PSGs published for this topic; however, the topic is under review for future PSGs
Remedial Actions
Remedial Actions
Identify, initiate, track and implement remedial actions arising from control assessments and reporting.