- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-12-2025 04:53 AM
Good afternoon,
We have implemented IRM including Audit management and we are wondering what functionality other organizations use for '1st line control testing'. At the start of our implementation we used 'Audit control tests' but a few years back we switched to indicator (tasks). To us it seems 'Control tests' fit better if you want a qualitative test on a control but indicators facilitates planning & organization better. It would be very helpful if you can state why you use a specific module for these processes. Examples of controls at our organization are:
- 4 eyes principle controls for different (business) processes
- manual data quality checks controls
- identity & authorization controls
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-05-2025 11:53 AM - edited ‎05-05-2025 01:59 PM
Hi @Rutger2 ,
Here is my proposed solution:
Organizations using ServiceNow Audit Management for 1st line control testing typically leverage Control Tests for qualitative validation and Indicators for operational planning, depending on the control type and testing objectives. Here is a simplified table to distinguish control tests and indicators
Feature |
Control tests |
Indicators |
Purpose |
Qualitative validation of control effectiveness |
Continuous monitoring/metrics tracking |
Workflow integration |
Part of audit engagements |
Used for periodic checks or compliance KPIs |
Evidence collection |
Requires documented proof (e.g., screenshots, logs) |
Focuses on quantitative thresholds. Evidence can be attached to indicator tasks. |
Automation |
Manual or semi-automated via audit workflows |
Fully automated via scheduled tasks or can be manual and responded to by the end users. |
Indicators: are the continuous monitoring perspective and how organizations decide to continue tracking that controls are in place (so this is moreso control enforcement). For the control test: the auditor comes in and confirms that the enforcement of the control works as intended.
Use control tests to do validation of design and operating effectiveness by the compliance of internal audit team. Control tests is the access of completing an audit before the external auditors/regulators come in.
I found a great video on YouTube you can learn more about control and indicator tests here - timestamp: 2:44 – 16:43(this is an old video from 2017 but still has relevant information): https://www.youtube.com/watch?v=m4IwW-IukIc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-05-2025 11:53 AM - edited ‎05-05-2025 01:59 PM
Hi @Rutger2 ,
Here is my proposed solution:
Organizations using ServiceNow Audit Management for 1st line control testing typically leverage Control Tests for qualitative validation and Indicators for operational planning, depending on the control type and testing objectives. Here is a simplified table to distinguish control tests and indicators
Feature |
Control tests |
Indicators |
Purpose |
Qualitative validation of control effectiveness |
Continuous monitoring/metrics tracking |
Workflow integration |
Part of audit engagements |
Used for periodic checks or compliance KPIs |
Evidence collection |
Requires documented proof (e.g., screenshots, logs) |
Focuses on quantitative thresholds. Evidence can be attached to indicator tasks. |
Automation |
Manual or semi-automated via audit workflows |
Fully automated via scheduled tasks or can be manual and responded to by the end users. |
Indicators: are the continuous monitoring perspective and how organizations decide to continue tracking that controls are in place (so this is moreso control enforcement). For the control test: the auditor comes in and confirms that the enforcement of the control works as intended.
Use control tests to do validation of design and operating effectiveness by the compliance of internal audit team. Control tests is the access of completing an audit before the external auditors/regulators come in.
I found a great video on YouTube you can learn more about control and indicator tests here - timestamp: 2:44 – 16:43(this is an old video from 2017 but still has relevant information): https://www.youtube.com/watch?v=m4IwW-IukIc