top of page
Resource Morse Grey.png

A Spotlight on...
Control Testing

Compliance Risk Management is a core activity in financial services, of which controls are an integral part. Verifying that controls operate as intended is essential to ensuring risks are being managed and reduced. 

This becomes ever more challenging when controls must change to reflect new regulations or updated policies and standards.

I-confidential has, over recent years, observed an increased focus on  control testing. In addition, the emphasis is now on the business line to  complete it, rather than relying on internal and external auditors.

Spotlight Controls.png

Have you Developed an Effective Control Testing Strategy?


It is easy to jump to the lowest-cost option. The consequence of this is often to increase the amount of rework required and potentially expose the organisation to greater risk. Some important questions to answer are:

  1. How much testing keeps your organisation safe?

  2. Are you confident your controls are adequate to mitigate the associated risks?

  3. Is your approach to testing being managed in a cost-efficient manner?


There are some critical elements to focus on

  • Prerequisites like a policy framework, risk framework, and the policies themselves.

  • A clearly defined methodology.

  • Stakeholders who are 'bought in' under the correct governance. A process for informing test plans to drive design and operational effectiveness.

  • A plan for how control deficiencies will be remediated.

  • Automating and systematically capturing data to validate control performance.

i-confidential's Approach is Built on two Strong Foundations

  1. Expertise and insights acquired over many years working successfully with 'household name' clients.

  2. Efficiency through our Security Metrics offering, which supports continuous monitoring and reporting.


With some key features to help you move forward:

  • An experienced team, actively involved in both the design and delivery of control testing.

  • The know-how to rapidly mobilise a control testing programme.

  • Our Control Framework, aligned to ISO and NIST, provides a robust starting point.

  • Our Control Metrics Library - matured and proven over many previous engagements.

  • The flexibility to configure and adapt existing in-house frameworks and methods or provide our own.

  • Access to our other services, such as Security Remediation - a structured way to fix control problems. We can also review your current control testing activity to help improve its completeness, efficiency, and effectiveness.

For more information about how we can help your business, please contact us.

bottom of page