Working with attestations

Attestation enables model owners and validators to formally certify, review, and sign off on model attributes at specific points in time, supporting compliance and governance processes.

Prerequisites

• You are logged in to ValidMind.
• Models registered in the inventory require attestation.¹
• If applicable, model findings have been documented.²
• You are assigned a role with sufficient permissions to perform attestation tasks:³
  • Customer Admin — Sets up attestations
  • Model owner — Completes attestation questionnaires
  • Validator — Reviews and signs off on attestation questionnaires

¹ Register models in the inventory

² Working with model findings

³ Manage permissions

Key concepts

attestation

A formal process where model owners certify key model information at a specific time. Reviewed by the second line of defense, typically a validator, attestation is part of your audit trail and confirms that governance, documentation, and control requirements are met.

attestation instance

The invocation of the attestation process on the ValidMind Platform. Created when the attestation is triggered by the schedule you set up, it includes a snapshot with model activity and findings, questionnaire responses and review status, forming a full record of the review and approval process.

attestation period

The time window during which attestation is active, with fixed start and end dates. Each period creates an unchanging model snapshot. Periods are usually scheduled quarterly or annually and can align with regulatory or internal cycles.

attestation questionnaire

A structured form that model owners use to confirm model status, documentation and compliance. It supports formatted inputs like checkboxes and text fields, serving as both a compliance check and formal review record.

execution schedule

The mechanism, manual or automated, that starts the attestation process based on set periods. It creates attestation instances, triggers snapshots and begins the workflow for model owners and validators.

snapshot

A fixed capture of model data at a specific time. It includes optional custom fields and related findings and stays unchanged throughout the attestation, ensuring historical accuracy.

How does the attestation process work?

Attestation on the ValidMind Platform begins at the start of the attestation period after the process has been set up initially. The platform captures a snapshot of each model and its findings, preserving the state at that point in time. Changes made after the process starts do not affect the historical record.

Model owners and validators each see a banner on their dashboard when an attestation requires action. The banner links directly to their active respective attestation tasks, also known as attestation instances:

Dashboard prompt for attestations

Responsibilities for the attestation process are shared:

graph LR
    subgraph Model Owner
        A["**Not Started**"] --> B["**In Progress**"]
        B --> C["**Ready for Review**"]
    end
    
    subgraph Validator
        C --> D["**Reviewed**"]
        D --> E["**Signed Off**"]
        D -.-> B
    end

The attestation process — Model owner and validator responsibilities

Attestation is collaborative

A validator can request changes from the model owner by rejecting the attestation questionnaire.

---

The platform maintains a history of all status changes and notes.

The model owner is responsible for completing the questionnaire and addressing change requests from their reviewer. In turn, the validator is responsible for reviewing the questionnaire, requesting any necessary changes, and signing off.

Plan your attestation periods ahead of time to ensure they can be completed on time. The start date must be today or a future date, and you cannot set a date in the past to trigger attestation retroactively.

How do I create meaningful attestation questionnaires?

Attestation questionnaires are typically used in model risk management to confirm that key controls, governance processes and documentation requirements have been followed throughout a model’s lifecycle. These questionnaires are part of a broader effort to ensure accountability and regulatory compliance.

Areas typically covered in the questionnaire:

• Verification of responsibilities — Attests that model owners, developers and validators have performed their roles in accordance with internal policies and procedures.

• Documentation of compliance — Confirms that required documentation — such as model documentation, validation reports and change logs — has been completed and properly archived.

• Evidence of control operation — Serves as formal evidence that key controls (for example: backtesting, performance monitoring, version control) are in place and functioning as intended.

• Governance checkpoints — Used as checkpoints at critical stages, such as model approval, annual reviews or retirement, to ensure all required steps have been completed before proceeding.

• Regulatory reporting — In regulated environments, provides a documented trail that can be reviewed during internal audits or by external regulators.

• Risk ownership and accountability — By signing off on questionnaires, individuals acknowledge their responsibilities and support a strong control culture.

Work with your model risk management team to create a template that accurately reflects your organization’s attestation requirements.

What’s next