Summary
In this chapter, we have provided details to help you create and maintain control documentation by following best practices to manage key components of control documents such as process, procedures, risks controls, and business units. We have explained how Oracle GRC Manager and Oracle Tutor can be used to streamline this key process that is critical for internal audit, risk management, and compliance.
You can determine the accuracy and completeness of your organization's control documentation by starting with the review of process narratives, policies, and flowcharts. Next, you can examine the risks, and register for processes and controls that mitigate these risks. Many organizations maintain a Risk and Controls Matrix to make the association with each significant process easier. There may be variances in business process, risks, and controls by the business unit that are important to understand. These variances can occur due to regional business practices, variations in the business...
