For each object within the Financial Governance module, the configuration options
can be set to meet the regional compliance requirements.
For example, the Compliance PMO has configured risk objects to show events and
consequences based on the regional regulatory events and consequences. Each
Regional Compliance Manager is responsible for identifying events by monitoring
the circumstances that can place InFission's regional business at the defined risk. For
each event, the Compliance Manager also determines the consequence by projecting
the outcome or impact of an event. This approach ensures that enterprise risk
response is regionalized based on regional compliance risk analysis.
Once the risk analysis is approved by the Compliance PMO, the Regional
Compliance Manager determines the risk treatment to mitigate the risks that fall
outside a tolerance level defined by the Compliance PMO. The Regional Compliance
Manager reviews the risk treatment options with the regional process owners to
leverage the internal controls that mitigate the risks. In GRC Manager, mitigating
controls are associated with risks under a Related Controls tab within Manage Risk
pages to capture the outcome of the regional risk treatment discussions.
In certain locations, where regulatory compliance laws do not apply, the Compliance
PMO can disable the compliance risk analysis by simply disabling risk events,
consequences, and treatments so they are unavailable to users.
The Assessment Activity Definition option is configured to select only those activities
that apply to the InFission regions. The Regional Compliance Managers have the
option to select from multiple assessment activities including Design Review,
Operational Assessment, Audit, Documentation Update, and Certification.
For each activity you select, use a Guidance Text option to configure a description of
how to complete the activity, and an Activity Question option to create the question
that the users are required to answer while performing assessments.
Setting up Content Type for Regulatory Documentation
Regional Compliance Managers are required to collect the necessary documentation
from the Business Managers to ensure that the compliance evidence is available to
regulatory auditors and management. Compliance Managers set up Content Type
in GRC Manager to identify regulatory documentation attached to objects such as
risks, controls, and issues. When a manager uploads the documentation to an object,
she or he must specify a Content Type.
 