Creating Control Procedures (Controls Assurance Program Management)

Through the Control Procedures application, you can create control procedures and link them to previously created Primary Controls. There are 2 types of control procedures: Technical and Process. Based on the selected control type, different pieces of information are captured and different testing options are available.

Create control procedures from the Control Generator application

The Control Generator Application allows users to create multiple control procedures with ties to the selected primary controls in 1 record.

Download the source file of the diagram here: Controls Assurance Program Management Controls Generator Diagram

Create a control procedure from the Control Procedures application

Creating control procedures from the Control Procedures application allows users to create a single-instance control procedure and tie it to a primary control.

Here are the tasks:

1. In the General Information section, select whether to automatically collect evidence for this Primary Control record or manually create individual evidence records on an as-needed basis.

2. Complete the Stakeholders section.

   Note: If you linked a Business Unit in the General Information section, the stakeholders from the associated business unit are populated in the Stakeholders section, such as Compliance Manager, Business Unit Controls Owner, and Risk Manager.

3. Click the Control Details tab and enter information as needed.
4. Click the Risk Management tab, then click Add New or Lookup to associate related risks to the record.
5. Click the Audit Management tab, then click Add New to create a relationship between the control procedure and audit workpapers.

6. If you chose to automatically collect evidence for the control procedure, click the Evidence Information tab, and do the following:

   1. In the Evidence Repository section, enter the collection frequency, an evidence owner responsible for providing evidence, and start and end dates.

   2. In the Related Evidences section, do 1 of the following:

      • Click Add New or Lookup if you want to manually associate new or existing Evidence Repository records to the control procedure.

      • Intentionally leave this section blank if you want to allow the Automatic Evidence Collection data feed to create Evidence Repository records based on the frequency you selected.

        The system then creates Evidence Repository records based on the chosen frequency. When an Evidence Repository record is created, the system generates an assignment and notifies the Evidence Owner to provide evidence details. The system also creates a link between the Control Procedures and Evidence Repository records, and copies the related information between the source and target applications.

7. In the Privacy Management tab, create relationships between the control procedure and both a processing activity and a data projection project.
8. Click the Mappings tab, and associate any new or existing records in other applications to the control procedure.
9. Click the Testing tab and complete your test plan.
10. Click the Findings tab to associate new or existing findings to the control procedure.
11. Click the Compliance History tab.
12. In the Capture Control Snapshots section, select Queued.
13. Click Take Snapshot.

    A Control Snapshot record is created in the Control Procedures application.

The following diagram shows how to create a control snapshot as described in steps 11 through 13.

Download the source file of the diagram here: Controls Assurance Program Management Control Snapshots Diagram