Configuring Security and Risk Review Process
28 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to Lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What should you do to prevent risks from going through the review process each time they are updated?

  • Only assign the Risk Approver Composite duty role in configurations (correct)
  • Assign the Risk Reviewer Composite duty role to upper management only
  • Ensure no user is assigned a job role with Risk Reviewer or Risk Approver duties
  • Add the Risk Reviewer Composite duty role to the creator of the risks

What is the correct step to allow upper management to review specific risks?

  • Assign the Risk Reviewer Composite duty role only to upper management (correct)
  • Add all users to the Risk Reviewer Composite duty role
  • Assign the Risk Approver Composite duty role to upper management
  • Do not assign any Risk Reviewer or Risk Approver duties to anyone

What can prevent risks from being reviewed before saving them?

  • Ensuring multiple users have the Risk Approver Composite duty role
  • Not assigning any user a job role with Risk Reviewer Composite or Risk Approver duties (correct)
  • Adding multiple users to the Risk Reviewer Composite duty role
  • Adding the Risk Reviewer Composite duty role to all users

Which task should be completed before performing a data import in the Test pod?

<p>Validate that custom list of values have new lookup values created (D)</p> Signup and view all the answers

Why is it important to validate custom list of values before performing a data import?

<p>To guarantee proper creation of new lookup values for controls (D)</p> Signup and view all the answers

What is a crucial step to ensure control perspectives are set up correctly before data import?

<p>Ensuring control perspective relationships are established in Module Perspectives (A)</p> Signup and view all the answers

What technique can be used to gather requirements for risk management implementation?

<p>Surveys and questionnaires (D)</p> Signup and view all the answers

Which tasks should be completed before starting Financial Reporting Compliance implementation? (Choose three)

<p>Migrate the organization’s existing risk and control matrix into Financial Reporting Compliance (C)</p> Signup and view all the answers

What should be considered in terms of organizational culture when gathering requirements for risk management implementation?

<p>The level of risk tolerance (D)</p> Signup and view all the answers

Which filter can be used to identify expense reports with suspicious expense type combinations?

<p>Expense type combination filter (A)</p> Signup and view all the answers

In the context of risk management, what is the purpose of stakeholder interviews?

<p>To gather insights on risks and controls from key individuals (A)</p> Signup and view all the answers

What is one important step before going live with a Financial Reporting Compliance solution?

<p>Conduct a post-implementation review (A)</p> Signup and view all the answers

What must be done to create two entitlements containing client-defined access points?

<p>Create and access a model from the 'Models' tab and select Actions &gt; Create Access Control from the 'Controls' tab. (E)</p> Signup and view all the answers

Which filters need to be combined to identify different suppliers using the same taxpayer ID?

<p>Function filter where the 'Taxpayer ID' count is greater than 1 and a standard filter where the 'Supplier' object's 'Taxpayer ID' is not blank. (C)</p> Signup and view all the answers

After creating an access entitlement from the 'Access Entitlements' page, what should be done next?

<p>Select Actions &gt; Create Access Control from the 'Controls' tab of Advanced Controls. (A)</p> Signup and view all the answers

When running Synchronize Transaction from the Data Sources page, what happens if two models are using invoice and payment business objects?

<p>One job will run for the two objects based on transactions dated after the Transaction Created As of Date. (A)</p> Signup and view all the answers

What is necessary to relate in the Related Objects section on the Risk Definition page?

<p>A new process and a new control (D)</p> Signup and view all the answers

Which security structure component cannot be created or viewed from the Security Console when configuring security for Financial Reporting Compliance?

<p>Composite Duty (A)</p> Signup and view all the answers

For the Control Manager role configuration, which controls can user A access and manage?

<p>Controls 2 and 3 Only (B)</p> Signup and view all the answers

How many access points do the two entitlements in the access model have in total?

<p>8 (A)</p> Signup and view all the answers

When defining a data security policy, what perspective value should be set according to the instructions provided?

<p>EMEA (C)</p> Signup and view all the answers

What is NOT possible in editing or creating related objects on the Risk Definition page?

<p>Relate only an existing control, but not a new control (B)</p> Signup and view all the answers

What must be configured to ensure that incident results can be viewed by Department Groups of investigators and systematically ensure no incident is unassigned?

<p>Custom perspectives for Department linked to the Results object with Required set to “No” (B)</p> Signup and view all the answers

Which configuration ensures that Incident results are accessible only by users in North America and EMEA, as specified by the customer?

<p>Custom perspectives for North America and EMEA linked to Results with Required set to “Yes” (D)</p> Signup and view all the answers

How should the Result Investigator assignment be configured to align with the client's requirement of assigning incidents based on Department?

<p>Assigned job roles with custom Department perspective data roles attached (B)</p> Signup and view all the answers

Which configuration best supports ensuring no incident is unassigned to an investigator?

<p>Custom perspectives for Department Required set to “Yes” (D)</p> Signup and view all the answers

To allow other incident users to view incidents without any editing capabilities, what configuration would be suitable?

<p>Setting worklist assignment to “All Eligible Users” (A)</p> Signup and view all the answers

How should the assignment of investigators be handled to ensure maximum flexibility in viewing incidents?

<p>Linking investigators with custom Department data roles (D)</p> Signup and view all the answers
Use Quizgecko on...
Browser
Browser