How do you populate the Control Method field with a new custom value, such as a third-party application'?

A. Enter the new value directly in the Control method field.

B. Use Lookup Meaning of the new lookup value.

C. Use Lookup Code of the new lookup value.

D. Use Lookup Type of the new lookup value.

You are implementing Advanced Access Controls and there is a requirement for a control to monitor user

access to specific, client-defined access points which give users the ability to both initiate a purchase order

and approve payments on that purchase order.

Which is a valid option to implement the control?

A. From the "Access Entitlements" page create two entitlements containing the respective client-defined access points. Create an access model from the "Models" tab of Advanced Controls, based on the entitlements you created.

B. Select Actions > Create Access Control from the "Controls" tab of Advanced Controls.

C. Create an access model from the "Models" tab of Advanced Controls, and then define an access point filter for each individual client-defined access point.

D. From the "Access Entitlements" page create two entitlements containing the respective client-defined access points. Create an access model from the "Models" tab of Advanced Controls, based on the entitlements you created. Finally, deploy an access control in the "Controls" tab of Advanced Controls, and select the access model you created.

E. Create an access entitlement from the "Access Entitlements" page, then select Actions > Create Access Control from the "Controls" tab of Advanced Controls, and select the entitlement you created.

The internal auditor advised the Control Owner of North America to perform assessment for two P2P

controls.

Which three steps can the Control Owner perform to kick-off assessments for only those two controls?

(Choose three.)

A. Initiate a planned assessment that includes all controls assigned to perspective P2P.

B. Perform impromptu assessments for the two controls.

C. Enable impromptu assessments during configuration of module objects.

D. Initiate a planned assessment and include the two controls as part of the same assessment.

E. Initiate two planned assessments, one for each control.

You are advising your client on design and configuration related to how access incident results will be viewed and managed. The client has provided a list of business requirements: Incident results can be viewed by Department Groups of investigators receive assigned incidents based on Department Must ensure systematically that no incident is unassigned to an investigator

Which three must be configured to support these requirements? (Choose three.)

A. Worklist assignment Result Investigator should be set to specific users.

B. Custom perspective for Department linked to the Results object with Required set to "No"

C. Custom perspective for Department linked to the Results object with Required set to "Yes"

D. Investigators are assigned job roles with custom Department perspective data roles attached. Other incident users receive job roles which only allow viewing of incidents.

E. Investigators are assigned job roles with custom Department perspective data roles attached for managing incidents. Other incident users are assigned job roles with custom Department perspective data roles attached for viewing only.

F. Worklist assignment Result Investigator should be set to "All Eligible Users"

Your customer has a requirement to define an IT Compliance Manager job role with privileges to manage

risks and controls, and the issues related to the risks and controls.

What are the duty roles that must be included in this job role to achieve this requirement?

A. Seeded Issue Manager Composite and Issue Validator Composite

B. Seeded Risk Issue Manager and Control Issue Manager

C. Seeded Issue Manager Composite

D. Seeded Risk Manager Composite, Control Manager Composite, and Issue Manager Composite

You are helping your client identify and define their controls. You have determined that your client requires two perspectives: Business Units and Regulatory Standards. The controls are going to be secured by the business unit, and you want to ensure that when the client defines new controls, it is mandatory to assign a Business Units perspective to the control. You are going to set the "Required" field to "yes" for the Control-Business Units association.

Where do you do this in the product?

A. The Create Control screen

B. The Manage Object Perspectives screen

C. The Import template

D. The Create Perspectives screen

E. The Manage Module Perspectives screen

During implementation, you created a Financial Reporting Compliance superuser and assigned this user

the following roles:

Enterprise Risk and Control Manager

IT Security Manager

Employee

The superuser logs in to Financial Reporting Compliance but is not able to create new Data Security

Policies.

What is wrong?

A. The superuser's account is inactive and his or her account needs to be activated.

B. The application will not allow a user to both create users and assign them roles.

C. The superuser's account is created but the synchronization jobs have not been run.

D. The superuser's account is not yet approved by his or her supervisor in Financial Reporting Compliance.

Which three statements are true about the purpose of perspectives? (Choose three.)

A. Perspectives can be used to define user privileges.

B. Perspectives can be used for categorizing Financial Reporting Compliance objects.

C. Perspectives can be used to represent regional hierarchies.

D. Perspectives are used to enable data security on Financial Reporting Compliance objects.

E. Perspectives enable functional security in Financial Reporting Compliance.

Your customer needs to conduct monthly Operational Effectiveness assessments for controls across two organizations (North America and EMEA). Your customer requires that assessment results for North America be accessible only to users in North America and likewise for EMEA. Additionally, the Chief Risk Officer reviews the assessment results by Business Process every week. How should you design perspectives to achieve this?

A. Use the Region hierarchy for security and the Business Process hierarchy for reporting of controls.

B. Use the Region hierarchy initially, and later use both Region and Business Process hierarchies for security.

C. Use both Region and Business Process hierarchies solely for reporting purposes.

D. Use the Business Process hierarchy for security and the Region hierarchy for reporting of controls.

The GRC Business owner responsible for reviewing and investigating access incidents related to the "Order to Cash" perspective does not see any worklists for the generated results. You have validated that:

1.

Other business owners are able to view their assigned worklists without any problem

2.

Incidents have been generated for the controls related to Order to Cash

3.

The business owner's assigned roles contain the correct functional privileges and data access to the correct perspective values

What is the reason the business owner cannot see any worklists for the generated incidents?

A. The Result Management Perspective Assignment has not been linked.

B. The underlying model is not linked to Order to Cash.

C. The business owner was recently assigned the role and the worklist needs to be refreshed.

D. Worklist assignment does not include the business owner.

E. The Control Perspectives are not linked to the control.