Impact of Control Attestation in the Control Lifecycle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-07-2025 05:32 AM
Hi! Maybe someone can give me a simple explanation on what happens to the control after being attested? Where does its impact land on the GRC or which parts of the application is it being used?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-07-2025 05:47 AM
Hi @Momiji
Attestation responses will be used to measure the control effectiveness.
For example: Assume there's a control to secure the user password. So, that users need to reset their password once in 3 months.
There's one attestation linked to that control/control objective and the control owner should take that assessment as per the defined frequency (quarterly, half yearly, annual). The assessment question may vary based on the organisation.
Now, with the help of the attestation response, one can easily understand the effectiveness (effective,partially effective, ineffective) of the control. If it's ineffective or partially effective, then the issue record will be created to mitigate. Control managers will work on that to make the control effective. Effectiveness of the control decides the impact of the risk.
Hope this helps.
Regards,
Siva
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-07-2025 10:57 AM
Hi @J Siva , thanks for the response. There is also a control effectiveness assessment to assess the effectiveness of controls in mitigating risks. Do they have a connection?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-07-2025 06:17 PM
Yes. Control assessments play major role on mitigating risks.
