Academic journal article Academy of Accounting and Financial Studies Journal

The Real Story on Control Self-Assessment

Academic journal article Academy of Accounting and Financial Studies Journal

The Real Story on Control Self-Assessment

Article excerpt


Control Self Assessment (CSA) has been evolving in the United State since the early 1990s, and today, more and more internal auditors are becoming CSA certified. The five components of internal control published by the Committee of Sponsoring Organizations (COSO) and the primary internal control objectives set forth in the IIA's Standards for the Professional Practice of Internal Auditing essentially encompass the same broad internal control objectives and recommend that each organization design its own system of internal control to meet the needs of the organization. CSA is a powerful tool that can be used to assess control effectiveness as well as business processes within organizations. Therefore, CSA techniques are being implemented by many companies world wide.

This article reports the results of a survey developed by the authors and sent to internal audit professionals world wide via, a website maintained by the IIA for gathering information from companies that is of interest to internal auditors. Responses were received from 145 companies. The results of the survey will be of interest to management and internal auditors who are already using CSA and those who are planning to implement it sometime in the future.


The CSA concept was developed in Canada in the late 1980s but did not really come of age in the United States until the mid 1990s when companies started considering it as one of the major audit strategies adding significant value to the audit function. The IIA began sponsoring an annual CSA Users' Conference in 1993 and established the CSA Center to offer guidance and training in CSA in 1997. A CSA Qualification was initiated in 1997 and by 1999, the Certification in CSA was made available.

According to the Institute of Internal Auditors, Control Self Assessment (CSA) is a process through which internal control effectiveness is examined and assessed. The objective is to provide reasonable assurance that all business objectives will be met. Since it is management's responsibility to implement a satisfactory system of internal control, a properly implemented CSA program is a powerful management tool. The board of directors and officers of a corporation have the responsibility of providing assurance to the company's stakeholders by monitoring the organization's activities. CSA allows management and/or the internal auditors, along with the operating staff, to join forces to produce an assessment of an operation, process or control thus supporting external reporting of the effectiveness of internal controls.

With CSA, the evaluation of risks and controls in place to meet objectives is actually done by personnel responsible for doing the work; thus, causing a shift in some responsibilities related to internal controls. Table 1 compares the assignment of responsibilities under the traditional audit approach to the CSA approach. With CSA, those responsible for controls (management) and those who know the most about how the business functions (the work teams) evaluate risks and controls. Often the report is compiled during the workshop and issued directly by the work team. This reflects a big shift in responsibilities from the traditional approach where internal audit shoulders the responsibility for evaluating and assessing the adequacy of controls and reporting to management.


Since CSA has been used in the United States for approximately seven years, the authors surveyed internal auditors to determine the extent of its use, primary methods employed, outcomes and use of results. A survey questionnaire was developed after an extensive review of related literature. With the cooperation of the Institute of Internal Auditors, the survey was posted on the Global Auditing Information Network at The website was established by the IIA and is used by chief audit executives to gather information important to the audit function. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.