Impact of Control Attestation in the Control Lifecycle

Momiji
Tera Contributor

Hi! Maybe someone can give me a simple explanation on what happens to the control after being attested? Where does its impact land on the GRC or which parts of the application is it being used?

3 REPLIES 3

J Siva
Tera Sage

Hi @Momiji 

Attestation responses will be used to measure the control effectiveness.

For example: Assume there's a control to secure the user password. So, that users need to reset their password once in 3 months.

There's one attestation linked to that control/control objective and the control owner should take that assessment as per the defined frequency (quarterly, half yearly, annual). The assessment question may vary based on the organisation.

Now, with the help of the attestation response, one can easily understand the effectiveness (effective,partially effective, ineffective) of the control.  If it's ineffective or partially effective, then the issue record will be created to mitigate. Control managers will work on that to make the control effective. Effectiveness of the control decides the impact of the risk.

 

Hope this helps.

Regards,

Siva

Momiji
Tera Contributor

Hi @J Siva , thanks for the response. There is also a control effectiveness assessment to assess the effectiveness of controls in mitigating risks. Do they have a connection?

@Momiji 

Yes. Control assessments play major role on mitigating risks.