Database Reference
In-Depth Information
The internal controls are assessed by the employees within each functional
area of the business that is included in the scope of management testing. Upper
management reviews and certifies the controls assessed by employees. The company
uses electronic survey tool, which includes the questionnaires to elicit data about
controls, risks, and processes. This process helps in improving the management's
visibility to risks and controls throughout each business unit and improves the
efficiency and effectiveness of business operations.
Management testing using Oracle GRC
Manager
InFission utilizes the
survey and assessment
tools in Oracle GRC Manager to
perform all management testing of internal controls. The
GRC Survey tool
is used
to assist the internal audit team to determine the scope of an independent audit
plan. The
GRC Assessment tool
is used to obtain the evidence of key controls over
financial statements to comply with Sarbanes-Oxley Act. The assessment tool in GRC
Manager also enables business process owners and management reviewers to assess
the validity and effectiveness of controls that mitigate enterprise risks under the
ERM framework established by management.
Using GRC Survey tool to determine the
scope of audit plan
The audit team uses the survey tool in GRC manager to assist in gathering the
evidence of controls to help build an effective audit plan. Surveys are created
from survey templates. Surveys include the following components:
• A set of users (called
Responders
) who must respond to the survey
• The time frame during which users can respond
• Instructions on how to respond
Managing surveys in GRC manager includes the following tasks:
Manage
Questions
Manage
Template
View
Responses
Manage
Choice Sets
Create/
Initiate
Delete
Survey
Version/
Revisions
Search WWH ::
Custom Search