iiRecord
Agentic AI Atlas · Control Effectiveness Testing
workflow:control-effectiveness-testinga5c.ai
II.
Workflow JSON

workflow:control-effectiveness-testing

Structured · live

Control Effectiveness Testing json

Inspect the normalized record payload exactly as the atlas UI reads it.

File · workflows/workflows/workflows-operational-risk.yamlCluster · workflows
Record JSON
{
  "id": "workflow:control-effectiveness-testing",
  "_kind": "Workflow",
  "_file": "workflows/workflows/workflows-operational-risk.yaml",
  "_cluster": "workflows",
  "attributes": {
    "displayName": "Control Effectiveness Testing",
    "workflowKind": "governance",
    "triggerType": "scheduled",
    "typicalCadence": "quarterly",
    "complexity": "cross-team",
    "description": "Tests the design and operating effectiveness of internal controls --\nselecting control samples based on risk-tier prioritization,\nevaluating whether control design adequately addresses identified\nrisks, testing operating effectiveness through walkthroughs,\nre-performance, and evidence inspection, assessing automated control\nconfigurations and access restrictions, identifying control\ndeficiencies and classifying severity as gap, weakness, or material\nweakness, and tracking remediation commitments from prior testing\ncycles. Produces control testing results matrix, deficiency register,\nand remediation status report. Excludes control design and policy\nauthoring.\n"
  },
  "outgoingEdges": [
    {
      "from": "workflow:control-effectiveness-testing",
      "to": "role:operational-risk-analyst",
      "kind": "involves_role",
      "attributes": {}
    },
    {
      "from": "workflow:control-effectiveness-testing",
      "to": "role:security-reviewer",
      "kind": "involves_role",
      "attributes": {}
    },
    {
      "from": "workflow:control-effectiveness-testing",
      "to": "role:compliance-officer",
      "kind": "involves_role",
      "attributes": {}
    },
    {
      "from": "workflow:control-effectiveness-testing",
      "to": "skill-area:observability-pipeline",
      "kind": "requires_skill_area",
      "attributes": {}
    },
    {
      "from": "workflow:control-effectiveness-testing",
      "to": "skill-area:incident-response",
      "kind": "requires_skill_area",
      "attributes": {}
    },
    {
      "from": "workflow:control-effectiveness-testing",
      "to": "domain:operations",
      "kind": "applies_to_domain",
      "attributes": {}
    },
    {
      "from": "workflow:control-effectiveness-testing",
      "to": "domain:cybersecurity-grc",
      "kind": "applies_to_domain",
      "attributes": {}
    },
    {
      "from": "workflow:control-effectiveness-testing",
      "to": "responsibility:run-security-scans",
      "kind": "triggers_responsibility",
      "attributes": {}
    },
    {
      "from": "workflow:control-effectiveness-testing",
      "to": "responsibility:review-architecture-changes",
      "kind": "triggers_responsibility",
      "attributes": {}
    },
    {
      "from": "workflow:control-effectiveness-testing",
      "to": "org-unit:risk-management-team",
      "kind": "performed_by_org_unit",
      "attributes": {}
    },
    {
      "from": "workflow:control-effectiveness-testing",
      "to": "org-unit:compliance-team",
      "kind": "performed_by_org_unit",
      "attributes": {}
    }
  ],
  "incomingEdges": []
}