Control Effectiveness Testing

workflow:control-effectiveness-testing

Workflowworkflows/workflows/workflows-operational-risk.yaml·Open in Graph →

overview json graph

Attributes

displayName

Control Effectiveness Testing

workflowKind

governance

triggerType

scheduled

typicalCadence

quarterly

complexity

cross-team

description

Tests the design and operating effectiveness of internal controls -- selecting control samples based on risk-tier prioritization, evaluating whether control design adequately addresses identified risks, testing operating effectiveness through walkthroughs, re-performance, and evidence inspection, assessing automated control configurations and access restrictions, identifying control deficiencies and classifying severity as gap, weakness, or material weakness, and tracking remediation commitments from prior testing cycles. Produces control testing results matrix, deficiency register, and remediation status report. Excludes control design and policy authoring.

Outgoing edges (11)

applies_to_domain2

domain:operations·DomainOperations
domain:cybersecurity-grc·DomainCybersecurity GRC

involves_role3

role:operational-risk-analyst·RoleOperational Risk Analyst
role:security-reviewer·RoleSecurity Reviewer
role:compliance-officer·RoleCompliance Officer

performed_by_org_unit2

org-unit:risk-management-team·OrgUnitRisk Management Team
org-unit:compliance-team·OrgUnitCompliance Team

requires_skill_area2

skill-area:observability-pipeline·SkillAreaObservability Pipeline
skill-area:incident-response·SkillAreaIncident Response

triggers_responsibility2

responsibility:run-security-scans·ResponsibilityRun security scans
responsibility:review-architecture-changes·ResponsibilityReview architecture changes

Incoming edges (0)

None.