Creating Primary Controls (Controls Assurance Program Management)

The Primary Controls application serves as a central repository for controls, baselines, and activities that are mapped to corporate control standards, which establishes the foundation for enterprise-wide risk monitoring and compliance measurement.

Create a Primary Control

Here are the tasks to create a Primary Control:

  1. In the General Information section, select whether to automatically collect evidence for this Primary Control record or manually create individual evidence records on an as-needed basis.

  2. Complete the Stakeholders section.

    Note: If you linked a Business Unit in the General Information section, the stakeholders from the associated business unit are populated in the Stakeholders section, such as Compliance Manager, Business Unit Controls Owner, and Risk Manager.

  3. On the Control Details tab, enter all applicable information about the primary control.
  4. On the Mappings tab, associate any new or existing records to the primary control.
  5. On the Testing tab, complete your test plan.

  6. If you chose to automatically collect evidence for the primary control, click the Evidence Information tab, and do the following:

    1. In the Evidence Repository section, enter the collection frequency, an evidence owner responsible for providing evidence, and start and end dates.

    2. In the Related Evidences section, do 1 of the following:

      • Click Add New or Lookup if you want to manually associate new or existing Evidence Repository records to the primary control.

      • Intentionally leave this section blank if you want to allow the Automatic Evidence Collection data feed to create Evidence Repository records based on the frequency you selected.

        The system then creates Evidence Repository records based on the chosen frequency. When an Evidence Repository record is created, the system generates an assignment and notifies the Evidence Owner to provide evidence details. The system also creates a link between the Primary Controls and Evidence Repository records, and copies the related information between the source and target applications.

  7. On the Findings tab, review any open or closed findings.

  8. Click Save or Save and Close.

    • To apply the changes and continue working, click Save.
    • To save and exit, click Save and Close.