OCIO management should implement an effective quality control process for reviewing security control assessment plans either on a risk-based rotation or as needed basis. Such reviews will ensure the test plans incorporate the required controls for each application's baseline.