Database Reference
In-Depth Information
2.
The business process is sent through a data collection workflow, where the
process is routed to the process owner and reviewers to examine and to add
or edit the documentation and provide data.
3.
The business process owner revises the process documentation based on
reviewer feedback. The owner then sends the process through an
approval
worklow
, where the process is routed to reviewers to approve or reject the
process. When the process is approved, it is released into the system and
becomes active.
4.
The business process is sent through a
testing
worklow
to test the controls
for the risks associated with the process. If any revisions to the process are
necessary, then the process is sent through the approval workflow.
5.
The business process owner can send a process through an
assessment
worklow
, where the process, and its controls and risks are reviewed, and if
appropriate, modified to improve its design and operational effectiveness.
6.
If a business process or parts of a process become obsolete, the process owner
or GRC Manager Administrator can retire a process or certain
process documentation.
Workflows can be initiated for reasons and at times not included in this general
lifecycle description. For example, a process test could result in an issue that the
process owner would remediate then the process owner could initiate an approval
workflow for the revised process or initiate an assessment workflow because the
revised process has changed significantly. These additional workflows are explained
in the subsequent chapters on management assessment and internal audit.
The following figure provides an overview of the basic stages of control
documentation:
Mapped
2. State = Released
Mapped
Reviewed
and
Evaluated
Defined and
Documented
Released
Retired
Issues
Resolution
1. State = Initialized
4. State = Retired
A process goes
through four main
states within its
lifecycle:
1. Initialized
2. Released
3. Edit
4. Retired
Testing and
issues resolution
are an ongoing
part of real-time
compliance
management.
Monitoring
and Maturity
3. State = Edit
Change
Management
Testing
Search WWH ::
Custom Search