Controls of type 'Flexible Tests and Documentation' are designed to be self-documenting, providing a central place to find audit work such as test scripts, walk-throughs, and evidence.
This type of control includes a design test and can have an unlimited number of effectiveness tests associated with it. Assessments can include ordinary controls and flexible type. Questionnaire responders can add effectiveness tests dynamically, but such tests only apply to that particular assessment. Likewise, users with sufficient privileges can create tickets to mitigate deficiencies found in the testing of controls.
A particular role might be permitted to view effectiveness tests, but not to manage them, and to have no permissions regarding design tests.
Programs can be of type Control Assessment, and the content includes Control Effectiveness Testing workflow. This workflow has stages for Control Design, Audit, Certify, and Closed.
To create a control for configurable control testing:
On the Content menu, click Controls and Questionnaires.On the Risks menu, click Controls and Questionnaires.On the Content menu, click Questionnaires.
Select a writable group in the Organization Content tree and click New Control.
Enter a name and other choices for the new control. Specify Flexible Tests and Documentation. Select Frequency and Classification values.
Click Save to create the new control.
To convert an existing control to an audit-friendly control:
On the Content menu, click Controls and Questionnaires.(On the Risks menu, click Controls and Questionnaires.On the Content menu, click Questionnaires.
Select the group or content pack containing the control to be converted. Check the box next to the controls to be converted.
Select Convert to Controls with Flexible Tests in the More Actions... drop-down list.
The Control is converted in place, so make a copy or export the original control if you want to preserve the old type. A Design Test is automatically created for the new audit-friendly control.