II.
Workflow JSON
Structured · liveworkflow:control-effectiveness-testing
Control Effectiveness Testing json
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "workflow:control-effectiveness-testing",
"_kind": "Workflow",
"_file": "workflows/workflows/workflows-operational-risk.yaml",
"_cluster": "workflows",
"attributes": {
"displayName": "Control Effectiveness Testing",
"workflowKind": "governance",
"triggerType": "scheduled",
"typicalCadence": "quarterly",
"complexity": "cross-team",
"description": "Tests the design and operating effectiveness of internal controls --\nselecting control samples based on risk-tier prioritization,\nevaluating whether control design adequately addresses identified\nrisks, testing operating effectiveness through walkthroughs,\nre-performance, and evidence inspection, assessing automated control\nconfigurations and access restrictions, identifying control\ndeficiencies and classifying severity as gap, weakness, or material\nweakness, and tracking remediation commitments from prior testing\ncycles. Produces control testing results matrix, deficiency register,\nand remediation status report. Excludes control design and policy\nauthoring.\n"
},
"outgoingEdges": [
{
"from": "workflow:control-effectiveness-testing",
"to": "role:operational-risk-analyst",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:control-effectiveness-testing",
"to": "role:security-reviewer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:control-effectiveness-testing",
"to": "role:compliance-officer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:control-effectiveness-testing",
"to": "skill-area:observability-pipeline",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:control-effectiveness-testing",
"to": "skill-area:incident-response",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:control-effectiveness-testing",
"to": "domain:operations",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:control-effectiveness-testing",
"to": "domain:cybersecurity-grc",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:control-effectiveness-testing",
"to": "responsibility:run-security-scans",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:control-effectiveness-testing",
"to": "responsibility:review-architecture-changes",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:control-effectiveness-testing",
"to": "org-unit:risk-management-team",
"kind": "performed_by_org_unit",
"attributes": {}
},
{
"from": "workflow:control-effectiveness-testing",
"to": "org-unit:compliance-team",
"kind": "performed_by_org_unit",
"attributes": {}
}
],
"incomingEdges": []
}