Controls Validation Services

- ICT Audits and Planning in NZ

Controls Validation (Planning & Audit) are key components of the C&A process. These allow the assessor to validate the controls in place and their effectiveness in remediating risks identified in the risk assessment.

Controls Validation Services

- ICT Audits and Planning in NZ

Controls Validation (Planning & Audit) are key components of the C&A process. These allow the assessor to validate the controls in place and their effectiveness in remediating risks identified in the risk assessment.

What is Controls Validation (Planning & Audit)?

 

Control activities are actions taken to establish or improve security and minimise risk.

Validation of the control effectiveness ensures that the current state is recorded and can be used to accurately determine risk. It also allows for recommendations to be made with regards to improvements or changes designed to increase security and control effectiveness.

Where significant control lapses are identified during a risk assessment, a corresponding control validation activity is added to the Controls Validation Plan (CVP) to make up a full list of controls to be validated.

Controls involve many functions and occur at all levels of an agency, and are equally diverse; they can take the form of logical, physical, managerial, process or policy and are either preventative, detective, or corrective.  The risk assessment will determine the most effective controls which should be applied to mitigate risk.

The Controls Validation Planning process will inform how the Audit will be carried out, and includes:

  • Documents or artefacts to be generated during the validation process;
  • Required resources, departments, and personnel involved in the validation project;
  • Timeline for completing and approving the validation project;
  • Criteria to confirm that the agency’s system or systems meet defined requirements; and
  • Compliance requirements for the system or systems.

All Controls Validation Planning will be relevant to the individual agency’s system or systems complexity.

What is included in the Controls Validation process?

The Controls Validation Planning & Audit process involves an overview of your agency, including:

Control Environment – This is the foundation for all other components of internal control, providing discipline and structure.

Internal Controls – Controls designed to provide assurance that an agency’s goals and objectives are met.

Preventative Controls – Controls designed to pre-emptively address errors and irregularities from occurring.

Detective Controls – Controls designed to search for, and identify errors, after they have occurred.

Corrective Controls – Controls designed to prevent the recurrence of identified errors.

To ensure an optimal Control Environment, those involved in the Controls Validation Planning & Audit should consistently demonstrate:

 

  • Integrity and ethical values
  • Necessary skills to ensure effective performance
  • A relevant understanding of controls and security
  • A firm understanding of how their role contributes to the success of the control process.

The CANDA team are all well versed and experienced in the CVP/CVA process and can also provide training or ongoing support to internal resources involved with an agency’s Certification & Accreditation process.

Contact CANDA today to discuss our Controls Validation services

Our experienced team at CANDA are experts in everything Certification & Accreditation related, and can provide a range of services to ensure your agency meets NZISM requirements.

Contact CANDA today to speak to one of our team and learn more about how we can help.

CONTACT CANDA