You are currently focusing on the certification. Go to program dashboard.
This Playbook addresses the challenge of ensuring that non-technical controls are operating as designed.
This Playbook takes a deep dive into one discrete aspect of controls verification – the assurance that controls are operating as designed with an acceptable level of maturity.
In order to drive the attainment of Principled Performance, an organization must focus on effectively managing controls to ensure their operation is an essential aspect of their GRC capability. It is a key “play in the game” and an important building block for success. We have developed this Principled Performance Playbook to provide the reader with some essential guidance and tools to get started. Just like a football Playbook, this document outlines the steps to take – or plays – and sets up the structure for assignment of the various tasks to those in your organization.
Using manual tests and spreadsheets to manage the process can be effective when you have a very small number of controls to track, but this approach becomes extremely inefficient and costly when evaluating hundreds or thousands of controls throughout the organization. Risk management and GRC software providers enable organizations to efficiently and cost-effectively verify controls operation.
The Playbook contains these playsheets: Control Deviation Ranking Tool, Operational Performance Review Sheet, Controls Operation Verification Overview, and a Controls Maturity Assessment Tool. It concludes with a checklist for selecting a technology that enables automated controls verification and transparent records of review activities and findings.
Featured in: Controls
Information & Billing:
+1 (602) 234-9278
Principled Performance, Driving Principled Performance, Putting Principles Into Practice, OCEG, GRC360°, ActiveLearning, EventDay and LeanGRC are registered trademarks of OCEG.
Protector Skillset, Protector Mindset, Protector Code, Lines of Accountability, GRC Professional, GRCP, GRC Fundamentals, GRC Auditor, GRCA, GRC Audit Fundamentals, Data Privacy Fundamentals, Integrated Data Privacy Professional, IDPP, Policy Management Fundamentals, Integrated Policy Management Professional, IPMP, Integrated Audit & Assurance Professional, IAAP, Integrated Governance & Oversight Professional, IGOP, Integrated Strategy & Performance Professional, ISPP, Integrated Risk Management Professional, IRMP, Integrated Decision Management Professional, IDMP, Integrated Compliance & Ethics Professional, ICEP, Integrated Business Continuity Professional, IBCP, Integrated Information Security Professional, IISP are trademarks of OCEG.