Configurable Control Testing

Controls of the Flexible Tests and Documentation type are designed to be self-documenting, providing a central place to find audit work such as test scripts, walk-throughs, and evidence.

This type of control includes a design test and can have an unlimited number of effectiveness tests associated with it. Assessments can include both ordinary controls and flexible-type controls. Questionnaire responders can add effectiveness tests dynamically, but these tests will only apply to that particular assessment. Likewise, users with sufficient privileges can create tickets to mitigate deficiencies found when testing controls.

A particular role might be permitted to view effectiveness tests but not to manage them, and might have no permissions regarding design tests.

Control Assessment-type programs can be used, and the content can include the Control Effectiveness Testing workflow. This workflow has stages for Control Design, Audit, Certify, and Closed.

To create a control for configurable control testing: 

  1. Go to the Content menu, then click Controls and Questionnaires.
  2. Select a writable group in the Organization Content tree, then click New Control.

  3. Complete the name and other fields. Click the Flexible Tests and Documentation radio button.

  4. Click the Frequency and Classification dropdown lists and select a value.

  5. Click Save.

To convert an existing control into an audit-friendly control: 

  1. Open the Content menu, then click Controls and Questionnaires.

  2. Select the group or content pack containing the control to be converted. 

  3. Check the box next to the controls to be converted.

  4. Click More Actions > Convert to Controls with Flexible Tests.

  5. Make a copy or export the original control if you want to preserve the old type. A design test is automatically created for the new audit-friendly control.