Configuring Security and Risk Review Process

Questions and Answers

What should you do to prevent risks from going through the review process each time they are updated?

• Only assign the Risk Approver Composite duty role in configurations (correct)
• Assign the Risk Reviewer Composite duty role to upper management only
• Ensure no user is assigned a job role with Risk Reviewer or Risk Approver duties
• Add the Risk Reviewer Composite duty role to the creator of the risks

What is the correct step to allow upper management to review specific risks?

• Assign the Risk Reviewer Composite duty role only to upper management (correct)
• Add all users to the Risk Reviewer Composite duty role
• Assign the Risk Approver Composite duty role to upper management
• Do not assign any Risk Reviewer or Risk Approver duties to anyone

What can prevent risks from being reviewed before saving them?

• Ensuring multiple users have the Risk Approver Composite duty role
• Not assigning any user a job role with Risk Reviewer Composite or Risk Approver duties (correct)
• Adding multiple users to the Risk Reviewer Composite duty role
• Adding the Risk Reviewer Composite duty role to all users

Which task should be completed before performing a data import in the Test pod?

Validate that custom list of values have new lookup values created (D)

Why is it important to validate custom list of values before performing a data import?

To guarantee proper creation of new lookup values for controls (D)

What is a crucial step to ensure control perspectives are set up correctly before data import?

Ensuring control perspective relationships are established in Module Perspectives (A)

What technique can be used to gather requirements for risk management implementation?

Surveys and questionnaires (D)

Which tasks should be completed before starting Financial Reporting Compliance implementation? (Choose three)

Migrate the organization’s existing risk and control matrix into Financial Reporting Compliance (C)

What should be considered in terms of organizational culture when gathering requirements for risk management implementation?

The level of risk tolerance (D)

Which filter can be used to identify expense reports with suspicious expense type combinations?

Expense type combination filter (A)

In the context of risk management, what is the purpose of stakeholder interviews?

To gather insights on risks and controls from key individuals (A)

What is one important step before going live with a Financial Reporting Compliance solution?

Conduct a post-implementation review (A)

What must be done to create two entitlements containing client-defined access points?

Create and access a model from the 'Models' tab and select Actions > Create Access Control from the 'Controls' tab. (E)

Which filters need to be combined to identify different suppliers using the same taxpayer ID?

Function filter where the 'Taxpayer ID' count is greater than 1 and a standard filter where the 'Supplier' object's 'Taxpayer ID' is not blank. (C)

After creating an access entitlement from the 'Access Entitlements' page, what should be done next?

Select Actions > Create Access Control from the 'Controls' tab of Advanced Controls. (A)

When running Synchronize Transaction from the Data Sources page, what happens if two models are using invoice and payment business objects?

One job will run for the two objects based on transactions dated after the Transaction Created As of Date. (A)

What is necessary to relate in the Related Objects section on the Risk Definition page?

A new process and a new control (D)

Which security structure component cannot be created or viewed from the Security Console when configuring security for Financial Reporting Compliance?

Composite Duty (A)

For the Control Manager role configuration, which controls can user A access and manage?

Controls 2 and 3 Only (B)

How many access points do the two entitlements in the access model have in total?

8 (A)

When defining a data security policy, what perspective value should be set according to the instructions provided?

EMEA (C)

What is NOT possible in editing or creating related objects on the Risk Definition page?

Relate only an existing control, but not a new control (B)

What must be configured to ensure that incident results can be viewed by Department Groups of investigators and systematically ensure no incident is unassigned?

Custom perspectives for Department linked to the Results object with Required set to “No” (B)

Which configuration ensures that Incident results are accessible only by users in North America and EMEA, as specified by the customer?

Custom perspectives for North America and EMEA linked to Results with Required set to “Yes” (D)

How should the Result Investigator assignment be configured to align with the client's requirement of assigning incidents based on Department?

Assigned job roles with custom Department perspective data roles attached (B)

Which configuration best supports ensuring no incident is unassigned to an investigator?

Custom perspectives for Department Required set to “Yes” (D)

To allow other incident users to view incidents without any editing capabilities, what configuration would be suitable?

Setting worklist assignment to “All Eligible Users” (A)

How should the assignment of investigators be handled to ensure maximum flexibility in viewing incidents?

Linking investigators with custom Department data roles (D)