The purpose of this policy is to assist control owners, process owners and internal audit with implementing and executing the control self-assessment (CSA) process.

Self-assessment is an organized means of using the knowledge of those who are most familiar with a topic, such as processes/controls. Self-assessments evaluate how effectively the organization manages its risks of not achieving its stated objectives and executing the controls designed to mitigate them. Additionally, self-assessments can be used to identify risk drivers, such as changes in the business, personnel and internal controls, and reinforce accountability for controls.