The Control Assessment (previously named Control Maturity and Effectiveness Assessment – CMEA) is a more comprehensive evaluation of the implemented controls in the organization. Because controls can have varying degrees of implementation that yield various results depending, the CA provides a more complete assessment of the risk mitigation capabilities of the implemented controls. For instance, the policy for BYOD (Bring your own device) may be very well written and the evidence confirms some compliance with the policy. During internal audits the discovery of the fact that employees aren’t observing and enforcing the strict guidelines of the policy would suggest a lack of full compliance exists for the implemented control.This could possibly result in a minor non-conformity in a formal audit. The Control Assessment is used to dig deeper into control implementation, by assessing the weaknesses in the policy and/or its enforcement. The CA is also used to formulate an improvement plan to meet the desired level of compliance as part of the continuous improvement strategies. 8.1.Control Assessment Template 8.Control Assessment