# Design & Implementation (D\&I) Testing

CERRIX supports a structured approach to testing the design and implementation of internal controls. This process ensures that controls are both appropriately defined and effectively implemented to mitigate associated risks.

This guide outlines the steps for initiating, executing, and documenting D\&I tests in CERRIX.

***

## Purpose of D\&I Testing

The Design & Implementation test (also known as Opzet & Bestaanstest in Dutch) helps determine:

* Whether the control is well-designed (clear, complete, and risk-aligned).
* Whether the control has been implemented and is functioning as described.
* Whether sufficient evidence supports the design and execution.

***

## Setting Up a D\&I Test

### Navigate to an Existing Control

Start by selecting the control for which you want to initiate a D\&I test.

### Start a Design & Implementation Test

1. Go to the D\&I Testing section.
2. Select a test template. Templates typically include a set of standard questions and evidence expectations. 

<figure><img src="/files/gBmxHqwj9XaUcUdLKqPK" alt=""><figcaption></figcaption></figure>

### Define Evaluation Criteria

Each D\&I test typically includes the following key questions:

* Design Assessment:

  Is the control defined in alignment with your risk management policy and methodology (e.g., the “5W1H” model: Who, What, When, Where and How)?
* Expected Evidence:

  Define the types of evidence required (e.g., LMS reports, follow-up actions on training gaps).
* Implementation Check:

  Can the tester verify, based on evidence, that the control has been implemented according to its description?

***

## Roles and Responsibilities

### First Line: Evidence Uploader

* Uploads supporting evidence related to the control.
* Receives a task and an automated reminder email to upload evidence by a specific date.
* Uploads files directly via the task link or the D\&I test page.

### Second Line: Tester

* Reviews the uploaded evidence.
* Assesses whether the control is appropriately designed and implemented.
* Scores the test and adds comments as needed.

***

## Uploading Evidence

1. The evidence uploader receives a task (and email) prompting them to submit evidence.
2. They can click the task or email link to navigate directly to the test.
3. Click the Evidence tab.
4. Upload one or more files (e.g., LMS reports, corrective action logs).
5. Click Apply Changes and confirm to submit.

***

## Finalizing the Test

After evidence is submitted:

* The Tester evaluates the control based on the predefined criteria.
* The Test Scores and Comments are saved and visible in the Control Overview.
* All scores are automatically updated in the control workspace for full audit traceability.

***

## Workflow Integration

* Tasks and email notifications are automatically created and sent.
* All actions are logged in the system for transparency.
* Evidence deadlines and responsibilities are clearly defined and tracked.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cerrix.com/cerrix-functionalities/module-overview/controls/design-and-implementation-d-and-i-testing.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.