Back to All Projects
LiveInternal ControlBrowser

Controls Testing Plan Builder

Build a control inventory, set the methodology once, and generate a risk-based annual controls testing plan: rotation, test method, sample size, timing and effort — with the scoping rationale written on every row. ISAE 3402 / SOX-style defaults, every parameter editable, exportable to Excel. Runs entirely in your browser; nothing is stored or sent.

#Internal Control#Controls Testing#ISAE 3402#Assurance
Launch Tool
Overview

The Controls Testing Plan Builder turns a control inventory into a defensible, risk-based annual testing plan. You set the methodology once — rotation intervals by risk rating, sample sizes by control frequency, effort per test method — or keep the ISAE 3402 / SOX-style defaults, and every number is editable. List your controls (or load a fictional demo inventory to see the whole flow), and the plan derives itself: which controls are in scope this cycle, how each is tested, the sample size, the timing and the estimated effort. The point is defensibility. Every control in the plan carries its scoping rationale, and everything left out appears under "Not in this cycle" with the reason — reliance on an ISAE 3402 report, a rotation deferral, a manual scope-out. Nothing is hidden in a formula. Export the whole thing to Excel with a methodology tab that records exactly the parameters you used, or print the summary. Everything runs in the browser. No account, no upload, nothing transmitted — the export is your save file.

Key Features
  • Editable methodology — rotation by risk rating, sample sizes by frequency, effort per test method, with ISAE 3402 / SOX-style defaults
  • Risk-based scoping — rotation clock, the never-tested rule, key-control switch and manual overrides, each explained
  • Every control in the plan carries its scoping rationale; every exclusion carries its reason
  • Derived test design — method, sample size, timing and effort computed per control
  • Excel export (plan + inventory + methodology tab) and a printable summary
  • A one-click fictional demo inventory to see the whole flow end to end
  • Fully browser-based — nothing stored, nothing transmitted
What Problem Does It Solve?

Internal control and assurance teams build their annual testing plans by hand — deciding what to test this year, how deeply, and on what sample, then assembling it in a spreadsheet whose logic lives in the author's head. The result is hard to defend in front of an audit committee or an examiner: why was this control in scope and that one not, and on what basis was the sample size chosen? This tool encodes a common, editable methodology and derives the plan from it — so the scoping is explicit, the rationale is on every row, and the exclusions are listed with their reasons. It connects to the Luxembourg internal-audit context too: point 51 of Circular CSSF 22/806 requires the internal audit plan to include outsourcing arrangements of critical or important functions, which can be qualified first with the Regime Classifier and carried into the plan.

Project Info

Status

Live

Regulation

Internal Control

Format

Browser
Technology Stack
HTMLCSSJavaScript
Verify it yourself

This tool runs entirely in your browser. Don't take my word for it — open it, switch your device to airplane mode, and keep working. If it still works offline, nothing is being sent anywhere.

You can also inspect what the server sends back. The response headers are public; scan them yourself.

Scan iddi-labs.com

No account, no upload, no server-side storage of your data.

Interested in Controls Testing Plan Builder?
I'm always open to feedback, contributions, and collaboration. Let's connect or explore more projects.
Get in TouchConnect on LinkedInView All Projects
IddiLabs logo

Where regulatory expertise meets AI.

Privacy Policy

Quick Links

ProjectsAboutContact

Connect

contact@iddi-labs.comLinkedInGitHub

© 2026 IddiLabs | IddiLabs is not a company or a business. It's my personal space where I experiment, build, and share what I'm learning.