Control Characteristics
Different sections are available in the properties of a control.
To access controls, see Accessing controls.General characteristics
Code
The code enables unique identification of the control.
Control objective
You can enter a comment describing the required objective of setting up the control.
Owner
The control owner is the user responsible for execution of the control.
This field is used when there is only one "Responsible" (in the RACI sense).
For more details on RACI, see Responsibilities.Key control
When the Key Control check box is selected, the control appears in the list Control Library > Control Management > Controls > Key Controls list.
Control nature
This characteristic allows you to specify the nature of the control. You can select from three main internal control types:
• Corrective
• Detective
• Preventive
Operational cost
This characteristic enables indication of a control cost assessment.
Execution mode
This characteristic enables specification of how the control is carried out:
• "Automatic"
• "Manual"
• "Semi-automatic"
Scope
The Scope section of control properties enables connection of controls to other objects:
• Business process
• Organizational processes
• Entities
• Risks
• Accounts
• Requirement
• Types of control
Responsibilities
HOPEX Internal Control enables definition of responsibilities of each participant related to a control via the RACI matrix:
• Responsible
• Accountable
• Consulted
• Informed
Responsibility levels
The proposed responsibility levels are as follows:
|
Scope of responsibility
|
Meaning
|
|---|---|
|
Responsible
|
Responsible for execution of required actions.
|
|
Accountable
|
Reporting on progress of planned actions and making decisions.
There is only one "Accountable".
|
|
Consulted
|
Consulted as first priority before an action or decision.
|
|
Informed
|
Must be informed after an action or decision.
|
Specifying control responsible users
In the framework of control assessment via campaigns, questionnaire respondents are Responsibles of control.
For more details on assessment campaigns, see Assessing Controls by QuestionnairesYou can connect several "Responsibles" for the same control in different entities.
To specify the person responsible for a control in a given entity:
1. In the control properties page, expand the Responsibilities section.
To access controls, see Listing controls.2. Select the Responsible tab.
3. Click the Connect button.
In the dialog box that appears, click the Find button.
4. Select a person in the list that appears and click Connect.
The person appears under the tab concerned. You must now connect the person to an entity.
5. In the Assignment Location field, select an entity to which the person executing the control is attached.
Ensure that an e-mail address is correctly specified in the properties of the person.