Control Testing
Verify that your controls are operating effectively through testing.
Why Test Controls?
Control testing ensures:
- Controls are implemented as designed
- Controls are operating effectively
- Evidence exists for auditors
- Gaps are identified early
Test Types
| Type | Description | Frequency |
|---|---|---|
| Design Test | Verify control is properly designed | Once, on changes |
| Operating Test | Verify control works in practice | Periodic |
| Compliance Test | Verify adherence to requirements | As needed |
Creating Tests
- Open a control
- Go to Tests tab
- Click Add Test
- Define test details:
- Test name
- Test procedure
- Expected results
- Frequency
Recording Test Results
After performing a test:
- Open the test
- Click Record Result
- Enter:
- Test date
- Tester name
- Result (Pass/Fail)
- Evidence/notes
- Save result
Test Status
| Status | Meaning |
|---|---|
| 🟢 Passed | Control operating effectively |
| 🔴 Failed | Control not operating as expected |
| 🟡 Partial | Some aspects passed, others need work |
| ⚪ Not Tested | Test not yet performed |
Test History
View historical test results:
- Trend over time
- Pass/fail rates
- Tester information
- Evidence links
Scheduling Tests
Set up recurring tests:
- Open a control
- Go to Tests tab
- Click Schedule
- Set frequency (monthly, quarterly, annually)
- Assign responsible tester
Remediation
When tests fail:
- Document the failure
- Create a remediation task
- Assign to control owner
- Track to completion
- Re-test after remediation
Best Practices
- Test regularly — Don't wait for audits
- Document everything — Keep evidence of all tests
- Use sampling — For high-volume controls, test samples
- Independent testing — Have someone other than the owner test
- Follow up on failures — Track remediation to completion
Next Steps
- Categories — Organize your controls
- Risk Assessments — Map testing to risk management