10.5. VARIOUS APPROACHES
CSA can be implemented in a variety of ways within an organization. Each approach has positive and negative factors. Therefore, the methodology adopted by an organization should be tailored to meet the specific needs of its management. It might even be necessary to apply one CSA approach for one set of operating units and a different CSA variation to another set of operating units. Four general types of CSA approaches can be utilized: pure CSA, centralized CSA, targeted CSA, and hybrid CSA.
Pure CSA
Pure CSA is a method in which operating units within an organization are responsible for conducting CSA workshops on an ongoing basis as part of their normal operating procedures. The Internal Audit Department or an external consultant usually designs and develops the CSA program to ensure consistent application throughout the organization. Also, internal auditors or consultants usually conduct the initial CSA workshop for each operating unit and provide training to the designated CSA facilitators within the operating unit. After the initial CSA workshop has been completed, management of the operating unit becomes responsible for ensuring that identified action items are appropriately addressed, future CSA workshops are conducted on a periodic basis (e.g., annually), and the results of the future CSA workshops are reported to appropriate areas within the organization.
Under pure CSA, a central department receives a copy of the report of the results of each ...
Get Auditing Information Systems, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
