Database Reference
In-Depth Information
Controls of lesser importance are classified as
secondary controls
. The secondary
controls help the process owners mitigate a risk in the process in case the key control
fails. InFission controls have the following frequency levels:
• Multiple times per day
• Daily
• Weekly
• Biweekly
• Monthly
• Quarterly
• Annually
InFission employs a continuous controls monitoring approach. The auditors also
review the monitoring controls. Monitoring controls are a class of controls that track
the status of one or more related controls. It is used for management assessment, for
example, assessing a monitoring control and not assessing its related key control or
related secondary control.
Managing risks in Oracle GRC Manager
Risks can be added to a business process when a process is initially created and also
later when additional risks are identified. For each risk, there should be a control to
mitigate the risk.
In order to create a risk, carry out the following steps:
1.
Verify that the business process is in one of the following states
Initialized
or
Edit
.
2.
Open the business process and click on the
Risks
tab.
3.
A list of risks for the business process will be displayed. If there are no risks,
the list will be empty.
4.
Click on
Add
Risk
.
5.
The
BP Risk
page is displayed with the
Basics
and
Comments
tabs enabled.
6.
Enter a title for the risk.
Search WWH ::
Custom Search