Documenting Your Controls
Documentation of your internal controls should clearly describe the processes and
procedures, the risks to which each process is exposed, and the controls that mitigate
those risks. Accurate control documentation is critical for verifying the controls,
identifying control gaps, and remediating any issues. In this chapter we will:
• Describe the approach and techniques that help you streamline the control
document management process
• Discuss how to create effective process and procedure manuals to
understand the internal controls
• Provide examples of documenting business processes using Oracle Tutor,
and instructions for maintaining key components of control documentation,
such as control locations (business units), process definitions, risk ratings,
and control attributes, using Oracle GRC Manager
• Show how to keep the control documentation current by requesting the
process owners and control owners to periodically provide updates to
their respective processes and controls using data collection workflow
Process and procedure documents
Many organizations maintain business process and procedure manuals using
narratives and flowcharts, which clearly describe the responsibilities of employees
based on their roles. Process and procedure manuals help to ensure that the
managers responsible for the processes (business process owners) and internal
auditors share a common understanding of a process. Process and procedure
manuals should be updated periodically, as and when required. The accuracy of
these documents is essential for risk assessment and controls verification.