Control owner and tester descriptons? 1712

  • Does anyone happen to have short description of the responsibilities for a control owner and a tester? I am trying to write a short description of each so I can provide it to the owners and testers so they are aware of what their responsibilities are?

  • The difference is very simple.
    A control owner must ensure that the control acitivity is in operation, and take full responsibility to remediate if it is found to be deficient by the tester. the Control owner should also take responsibility to ensure that the control documentation is correct, or , if not that this is communicated before the test fails.
    A tester simply checks for evidence that the control is in operation effectively.

  • Hi EMM.
    the definition is clear but I have other q.
    A control owner performes the control activity or is just responsible for that and another do the control? Or control owner must perform the control activites by him/herself?
    A control owner must be different from the process owner or could be it one person?

  • A control Owner and Process owner are the same thing ( a proces being a lot more than 1 control).
    The Control owner can perform the control activity or delegate someone else to perform the control (if not predefined by SOD and authority settings within the control). It just means that if someone else performs the control, the control owner is still the person taking responsibility for control success or failure identified during testing and implementing remediation where necesary.

  • A process owner and a control owner are not necessarily the same person. For example, the Accounts Receivable Manager may be the process owner for A/R, but the person who applies cash would be a control owner; the person who prepares the deposit would be another; etc.

  • Yes, this can be thecase, but the overall responsibility for the controls and process would still be the Accounts Receiveable Manager as all others performing the controls report to the Accounts Receivable Manager. If they do not, the process owner should be the Financial Controller.

  • Thank you,
    it helps. Now I am sure who is who and what does he/she perform. 🙂

Log in to reply