ZenComply Control Assessor Role

The Control Assessor is primarily responsible for evaluating the design of control assessments by validating:

  • that their organization’s controls match their selected framework’s requirements

  • the operational efficacy of those controls, by collecting evidence in an evidence request

During an Audit, the Program Manager assigns Control Assessments to Control Assessors, who are usually teammates at their organization.

The Program Manager assigns Control Assessments to a Control Assessor to evaluate whether the organization's controls are functioning and meet the requirements of the scoped framework.

A Control Assessor’s access and permissions support gathering information and identifying deficiencies related to the control assessments.

What are the Control Assessor’s access and permissions?

  • A Control Assessor is granted access to ZenComply during Program Setup (Step 4. Assign control assessors) and through an email invitation from the Control Assessment listing on the Audit Overview landing page.

  • A Control Assessor has the following permissions:

    • Modify rights to the assigned records

    • Create rights for Evidence Requests

    • Create rights for Findings 

Control Assessor Actions

Of everyone on the compliance team, Control Assessors complete the most work in an Audit program. Typically, there are multiple Control Assessors on an Audit, each handling their own Control Assessments, but all of them require visibility across the entire Audit.

The Control Assessor is able to perform the following actions in ZenComply:

Manage the Evidence Requests

For any assigned control assessment, the control assessor is responsible for all of the evidence requests associated with that control assessment. ZenComply comes pre-populated with control content that is derived from GRC Experts and related to the control being tested, or that is automatically generated from the control assessment verbiage.

  • Creating and assigning Evidence Requests associated with a Control Assessment

  • Reviewing the attachments from an Evidence Request to validate that the evidence is both reliable (from a trusted source) and relevant to the control being tested

Evaluate the Control Assessment

Control Assessors make a determination for every assigned control assessment, for either Design or Operating Effectiveness.

  • Evaluate for Design - Validate that the controls that are in place for an organization are meeting the needs for the compliance requirements. ZenComply has done the work of mapping the unified control set from the Secure Controls Framework (SCF) to relevant content for 

  • Evaluate for Operations - Using the evidence provided from the related evidence request records, the control assessor needs to determine whether the control is operating effectively.

  • Identify Findings from Ineffective Controls - Control Assessors need to document what observations were made from the control and be detailed in addressing each finding associated with the control assessment.

Object Hierarchy for Control Assessor Access

© 2021 Copyright Reciprocity, Inc.
https://reciprocity.com