Chapter 6. Documenting Your Controls
Documentation of your internal controls should clearly describe the process and procedures, as well as risks, which expose the process and controls that mitigate the risks. The accuracy of control documentation is critical to verify the controls, identify control gaps, and remediate any issues. In this chapter we will:
Describe the approach and techniques to assist you to streamline the control document management process
Discuss how to create effective process and procedure manuals to understand the internal controls
Provide examples of documenting business processes using Oracle Tutor and instructions for maintaining key components of control documentation such as control locations (business units), process definitions, risk ratings and controls attributes using Oracle GRC Manager
Show how to keep the control documentation current by requesting the process owners and control owners to periodically provide updates to their respective processes and controls...
