ISACA IT Risk Fundamentals Complete Practice Test 2026

Control self-assessment is the process where the staff and management who operate the unit’s processes examine the design and effectiveness of its internal controls, often using checklists, evidence gathering, and self-review to identify gaps and drive improvements. This direct involvement of those who run the controls is what makes it the best fit for the described scenario—you’re seeing control evaluation conducted by the people closest to the processes.

The other concepts describe different ideas. Compensating controls are alternative measures used when the primary control isn’t feasible, not a self-assessment activity. Frequency analysis is a data-analysis method and not about who performs control evaluation. Control risk self-assessment isn’t a standard term for this practice; it would imply a higher-level assessment of control risk rather than the unit’s own evaluation of its controls.