HOPEX V5 EN

HOPEX IRM > HOPEX Internal Control > Managing Controls > Control Characteristics > Responsibilities concerning Controls

Responsibilities concerning Controls

See also: Accessing Controls.

HOPEX IRM enables definition of responsibilities of each participant related to a control via the RACI matrix:

• Responsible

• Accountable

• Consulted

• Informed

Responsibility levels

RACI responsibility levels are as follows:

Responsibility	Explanation
Responsible	Responsible for execution of required actions.
Accountable	Reporting on progress of planned actions and making decisions. There is only one "Accountable".
Consulted	Consulted as first priority before an action or decision.
Informed	Must be informed after an action or decision.

Specifying control responsible users

In the framework of control assessment and execution, questionnaire respondents are Responsible users of the control.

See the section corresponding to the respondent logics in the prerequisites to control assessment. Pre-requisites to Control Assessment.

To specify the person responsible for a control in a given entity:

1. In the control properties page, expand the Responsibilities section.

To access controls, see Listing Controls.

2. Select the Responsible tab.

3. Click the New button.

4. Select a person in the drop-down list provided.

The business role “Control Responsible” is specified by default.

5. (optional) Select the entity the person is responsible for.

6. Click OK.

Ensure that an e-mail address is correctly specified next to the name of the person.

You have the possibility to connect several responsible users.

Scope of a Control and Associated Risks

To specify the scope of a control:

In the control properties, expand the Scope section.

You can connect several object types:

• Business
processes

• Organizational processes

• Operations

• Entities

• Applications

• Accounts

• Types of control

To specify risks for a control:

In the control properties, expand the Risks section.

Regulatory and Business Policy Enforcement

To view regulatory and business policy elements that are connected to a control:

1. See Accessing Controls.

2. In the properties of a control, expand the Regulatory and Policy Enforcement section.

Several tabs enable you to view associated objects:

• Control Directives

Control directives are an interpretation of the law and contribute to the enforcement of any regulation article your organization has to comply with.

• Articles

An article is a citation from a regulatory framework and is usually associated to a mandated control directive.

• Business Policies

For more details, see Managing Compliance.

Action Plans for Controls

To specify action plans on a control:

In the control properties, select the Action plans page.

You can:

• define action plans directly on the control

• view action plans on issues associated to the control

For more details, see Managing Issues and Action Plans.

Reports Related to Controls

See Control Environment Report.