InFission approach for Risk Assessment and Control Verification
At InFission, our Compliance Director is responsible for setting up the program
office and selecting the controls framework, conducting management interviews,
and reviewing prior year control documents.
The global process owners are ultimately responsible for identifying the inherent
risk exposure, as well as the certification of control effectiveness in their process.
However, many process owners also require their staff to identify any risks and
verify the controls for which they are responsible.
At InFission, the Chief Financial Officer (CFO) has also appointed a Compliance
Director as the head of the Compliance Program Management Office (PMO) to
help management complete the risk assessment and control verification
activities. The Compliance PMO team uses Oracle GRC Manager and Oracle
GRC Intelligence to obtain qualitative risk ratings by creating risk assessment
questionnaires that collect management responses to financial, operational,
and IT risks.
The Chief Audit Executive (CAE) maintains independence throughout the
management assessment process. Once the risk assessment results are submitted
by the Compliance PMO in GRC Manager, the CAE reviews the management risk
rating using GRC Intelligence dashboards and prepares the Audit plan in Oracle
GRC Manager to include internal controls that require verification by independent
auditors as well as management.
The internal audit team performs an independent, top-down risk assessment using a
quantitative approach. This approach includes a probabilistic model that measures
both the likelihood and impact of risk events, as well as non-probabilistic models
that include sensitivity analysis and scenario planning. Non-probabilistic models
are relied upon when available data is limited. The data model for quantitative risk
assessment is maintained in Oracle GRC Intelligence and the data is periodically
extracted from Hyperion Financial Management (HFM), Oracle GRC Manager,
and Oracle E-Business Suite.
 