Assessment framework

Short Description

An assessment framework is the combination of criteria that an auditor can evaluate by applying them to an entity (of a specific kind), and the procedures that this auditor will follow for doing so, for the purpose of establishing the extent to which that entity conforms to a stated set of requirements. Thus, an entity can be assessed against an assessment framework.

An assessment framework serves a specific purpose, e.g. a risk assessment framework serves to identify, analyze and evaluate risks for the purpose of selecting and implementing appropriate ways to treat such risks. Other frameworks may serve to assess compliance, e.g. with a normative framework.

Assessing an entity against an assessment framework means that all criteria are evaluated, and each of them is assigned a particular value, the syntax and semantics of which are defined in the assessment framework. For example, an assessment framework used in risk management may define risk levels. Similarly, a framework for compliance may define compliance levels. The kinds of values that may result from such an assessment should be relevant for the purpose that the assessment framework serves.

An assessment framework also typically provides principles, ideas, rules and working instructions (policies) that give some high-level guidance for the execution of actual assessments.

An assessment framework may, however, also provide concrete, practical guidance for doing actual assessments. This can come e.g. in the form of procedures that are to be followed, checklists, reporting templates, etc.


The purpose of an assessment framework is to

  • enable parties to determine the usefulness of having (sets of) entities assessed against that framework, i.e. whether or not the expected results serve a purpose, that is, realize an objective that the party pursues, and
  • enable auditors to actually execute an assessment on a particular entity or set of entities, thereby producing (tangible) results that can be used to determine the extent to which these entities conform to a stated set of requirements.