Understanding Process Instance Generation
This chapter provides an overview of process instance generation and process instance maintenance and discusses how to:
Define security for process instances.
Generate process instances.
Maintain process instance definitions.
Propagate new risk control repository objects to process instances.
Understanding Process Instance Generation
The risks, controls, and test plan templates that are defined in the master risk control repository are all independent objects, and they are not associated with any specific entity. When you use the Business Process Manager component (EPQ_BP_DEFN), you create process definitions and indicate how the processes, entities, financial elements, and risks are associated, but the database records for each entity must still be created.
The Process Instance Generator Application Engine process (EPQ_INST_GEN) uses the defined Business Process Manager component information and the definitions in the risk control repository to create database records, or instances, for each process, risk, control, and test plan template, adding the entity as a key. All the field values defined for the risks, controls, test plan templates, and processes are propagated to the instances, and the system assigns the entity owner as the process instance owner, so that each entity owner also becomes the owner of all process instances that are associated with their entity. The system notifies each entity owner when process instances are created for their entities, which informs them that they have been assigned as owners for those processes. The system also creates a control status record for each control that is associated with a process instance, setting its status to Not Proven.
In addition, the system defines the content management workgroup category structure for each subprocess instance and grants security according to the defined security rules. The category structure includes a placeholder for each of these documents:
Process narrative.
Process map.
Process metrics.
Policies and procedures.
Best practice.
Two additional documents, Document 1 and Document 2, that can be used for other documents that may be required for your organization.
If documents are associated with a subprocess definition, the system propagates the documents to each generated instance.
The system uses the PeopleSoft Enterprise Portal content management features to store and maintain the documents that are associated with a subprocess instance. This provides a secure, auditable, and version controlled environment to add, view, and maintain subprocess instance documents such as business process narratives, policies and procedures, and process maps. Documents are stored within a workgroup category structure that mirrors the subprocess instance structure defined within PeopleSoft Internal Controls Enforcer. This provides a clear workgroup security framework that an administrator (or the system) can use to provide document edit privileges to the appropriate entity owners, business process owners, and subprocess owners. All changes to managed documents are tracked and historic versions persisted using the content management check-in and check-out functionality.
See PeopleSoft Enterprise Portal 9.1 PeopleBook: Content Management: “Setting Up and Working With Managed Content”
The following diagram depicts the process flow for the Process Instance Generator process during which subprocess instances and their associated risks, controls, and test templates are created, and notifications are sent:
Process Instance Generator process flow of subprocess instance generation.
You can run the Process Instance Generator process for one or more selected entities of an individual subprocess by using the Business Process Manager - Entities page. To run it for all processes, use the Run Instance Generator run control page.
Once instances are created, each process instance owner can modify the individual instance definitions, if needed. This design reduces the extent to which you must modify the instances, because you only need to modify them for entities that have values that differ from those that were defined. For example, if one entity has an additional control associated with a risk for a particular process, the owner of that entity would modify their process instance definition, inserting a row for the additional control. Sign-offs occur at the instance level, by instance owner.
Owners of an entity, process, or subprocess can automatically access all data related to the objects that they own. For example, an entity owner has access to all the data related to that entity, and all the processes and subprocesses associated with that entity.
Optionally, you can establish security to explicitly enable access to instance data. This enables various roles within your organization to access the data regardless of whether they are identified as the entity or process owner. For example, you probably would assign this type of security to a role that is associated with key executives within your organization, such as chief financial officer. This security is defined separately from the security for compliance projects. You must set the system preferences appropriately for the type of security you want to enforce.
See Establishing General Preferences.
You can use one of the following methods to control access to process instances definitions:
All Entities and processes.
The role has access to all entities and processes.
Entity.
The role has access to all processes for specific entities.
Entity and process.
The role has access to specific process-entity combinations.
Process.
The role has access to all entities for specific processes.
Understanding Process Instance Maintenance
You maintain process instance definitions by using the pages in the Process Instance Manager feature. Each instance owner can modify the risks that are associated with their processes. Various documents can be associated with each subprocess as well, by attaching files that are managed through the interface to PeopleSoft Enterprise Portal Content Management.
In addition, each entity owner can create new risks, controls, and test plan templates for their process instances, by using these instance definition pages:
Risk Instance Definition page.
Control Instance Definition page.
Test Template Instance Definition page.
If entity owners define new risks, controls, or test templates while modifying their process instances, the system programmatically updates the risk control repository, adding the new objects to the repository.
You can add risks, controls, and test plan templates from the master risk control repository to the instance level definitions on an as needed basis. The system programmatically instantiates the associated controls and test plan templates when adding risks or controls from the master repository, using the current date as the effective date; you do not have to run a process to generate the instance definitions when you use this ad hoc method.
PrerequisitesBefore you generate process instances and maintain process instance definitions, you must define each process by using the Business Process Manager component.
See Defining Processes.
To use the Content Management features for storing images as attachments, such as business process maps, the image attachment type must be properly configured:
The EPPCM_IMAGE URL must be configured to point to a valid FTP server.
The FTP server must be configured correctly and running.
This is normally done as part of the PeopleSoft Enterprise Portal installation. Image files added by workgroups are uploaded via FTP and stored on the web server in a directory that you specify.
See Also
PeopleSoft Enterprise Portal 9.1 PeopleBook: Portal and Site Administration
Common Elements in this Chapter
|
Click to access the Reviewer Comment page, where you can enter comments about this process instance. All comments in PeopleSoft Internal Controls Enforcer are effective-date sensitive, and they apply to the currently effective-dated version of each object. |
|
|
Attribute 1, Attribute 2, Attribute 3, Attribute 4, Attribute 5, and Attribute 6 |
Fields for storing additional attributes that are applicable to your implementation; you can use this information to filter data in queries or reports that you create. These fields can be set up as either free-form text fields or as list boxes, depending on how you define the system preferences on the Internal Controls Enforcer General Preferences page. The labels can also be modified. See Establishing General Preferences, Configuring the Other Attribute Fields. |
|
Compliance Project |
The compliance project that a process is associated with. |
|
Entity |
The entity, such as a business unit, that is associated with the process instance. |
|
Parent Process |
If the current record is a subprocess, this field lists the process to which it is subordinate. |
|
Process ID |
An identifier for a business process or subprocess. |
|
Sign Off Status |
If sign off sheets have been generated for this process instance, this field lists their status, otherwise it is blank. |
|
Type |
Specifies the type of business process. Values are: Business Process: Indicates the record is a business process. Subprocess: Indicates the record is a subprocess. |
|
Click to access the View Reviewer Comments page, where you can review all comments. |
Defining Role Security for Instances
This section discusses how to:
Establish role-based instance security.
Review access to instances.
Pages Used to Define Role Security for Instances|
Page Name |
Definition Name |
Navigation |
Usage |
|
Process Instance Security |
EPQ_PROCSSINST_SEC |
Internal Controls Enforcer, Master Setup, Security Setup, Process Instance Security |
Define access to instance definitions for role users. |
|
View My Access - Instance |
EPQ_VW_ACCESS_INST |
Internal Controls Enforcer, User Preferences, View My Access, View My Access - Instance |
Review the instances that you can access, based on your login. |
Establishing Role-Based Instance Security
Access the Process Instance Security page (Internal Controls Enforcer, Master Setup, Security Setup, Process Instance Security).
|
Role Name |
Displays the role for which you are defining security. |
|
Security |
Specify the method by which to control access. Options are: All Access: Select to enable access to all instances. Entity: Select to enable access to only specific entities. This type of security grants access to all processes and subprocesses for the specified entities. When you select this option, you must also specify one or more entities within the Process Instance Security grid. Entity and Process: Select to enable access to only specific entity-process combinations. When you select this option, you must also specify one or more entity-process combinations within the Process Instance Security grid. Process: Select to enable access to only specific processes for all entities. When you select this option, you must also specify one or more processes within the Process Instance Security grid. |
|
Entity |
Select an entity for which to enable access. This field is only available when Security is set to Entity or Entity and Process. |
|
Process |
Select a process for which to enable access. This field is only available when Security is set to Process or Entity and Process. If you select a process, then the system enables access to all subprocesses that are associated with that process. |
Reviewing Security
Access the View My Access - Instance page to see the instances that you can access, based on the role associated with the user ID you enter at login (Internal Controls Enforcer, User Preferences, View My Access, View My Access - Instance).
Generating Process Instances
This section discusses how to:
Create process instances for selected process entities.
Create process instances for all processes and entities.
Pages Used to Create Process Instances
|
Page Name |
Definition Name |
Navigation |
Usage |
|
Business Process Manager - Entities |
EPQ_BP_ENT_XRF |
Internal Controls Enforcer, Master Setup, Business Process Manager, Entities |
Generate process instances for selected process entities. |
|
Run Process Instance Generator |
EPQ_INST_GEN_RUN |
Internal Controls Enforcer, Master Setup, Run Process Instance Generator |
Generate all process instances. |
Creating Process Instances for Selected Process EntitiesAccess the Business Process Manager - Entities page for a particular compliance project and subprocess (Internal Controls Enforcer, Master Setup, Business Process Manager, Entities).
Select the entities for which to generate instances.
Click Create/Update Instances.
Creating Process Instances for all Processes and EntitiesAccess the Run Process Instance Generator page (Internal Controls Enforcer, Master Setup, Run Process Instance Generator).
Select the Compliance Project for which to generate process instances.
Click Run to run this request. PeopleSoft Process Scheduler runs the Process Instance Generator process at user-defined intervals.
See Also
Enterprise PeopleTools 8.50 PeopleBook: Using PeopleSoft Applications
Maintaining Process Instance Definitions
This section discusses how to:
Update process instance definitions.
Review subprocess associations for business process instances.
Update subprocess instance risk associations.
Review subprocess instance elements.
Maintain risk definitions for instances.
Maintain control definitions for instances.
Maintain test template definitions for instances.
Update process instances owner assignments.
Pages Used to Maintain Process Instance Definitions
|
Page Name |
Definition Name |
Navigation |
Usage |
|
Process Instance Definition - Process Definition |
EPQ_BP_INSTANCE |
Internal Controls Enforcer, Process Instance Setup, Process Instance Definition, Process Definition |
Update process instance definitions. The fields that appear on this page differ depending on the process type. For subprocesses, you can also attach related files that are maintained using the PeopleSoft Enterprise Portal Content Manager. |
|
Process Instance Definition - Subprocess |
EPQ_BPI_SBP_XREF |
Internal Controls Enforcer, Process Instance Setup, Process Instance Definition, Subprocess |
Add or update the subprocesses that are associated with a business process instance. You can access this page only for processes. |
|
Process Instance Definition - Risks/Controls |
EPQ_BPI_RSK_XRF |
Internal Controls Enforcer, Process Instance Setup, Process Instance Definition, Risks/Controls |
Add or update the risks that are associated with a process instance definition. You can access this page only for subprocesses. |
|
Process Instance Definition - Elements |
EPQ_BPI_ELEM_XRF |
Internal Controls Enforcer, Process Instance Setup, Process Instance Definition, Elements |
Review the elements that are associated with a subprocess instance. |
|
Process Instance Definition - Notes |
EPQ_BPI_NOTES |
Internal Controls Enforcer, Process Instance Setup, Process Instance Definition, Notes |
Enter details about the process instance. |
|
Risk Instance Definition |
EPQ_BPI_RSK_DEF |
Internal Controls Enforcer, Process Instance Setup, Risk Instance Definition, Risk Instance |
Add or modify a risk definition for a process instance. |
|
Risk Instance Definition - Financial Assertions |
EPQ_BPI_RISK_FIN |
Internal Controls Enforcer, Process Instance Setup, Risk Instance Definition, Fin. Assertion |
Add or modify the financial assertions associated with a risk definition for a process instance. |
|
Risk Instance Definition - Notes |
EPQ_BPI_RISK_NOTES |
Internal Controls Enforcer, Process Instance Setup, Risk Instance Definition, Notes |
Enter details about the risk instance. |
|
Control Instance Definition |
EPQ_BPI_CTL_DEF |
Internal Controls Enforcer, Process Instance Setup, Control Instance Definition, Control Instance |
Add or modify a control definition for a process instance. |
|
Control Instance Definition - Financial Assertions |
EPQ_BPI_CTL_FIN |
Internal Controls Enforcer, Process Instance Setup, Control Instance Definition, Fin. Assertion |
Add or modify the financial assertions associated with a control definition for a process instance. |
|
Control Instance Definition - Test Template |
EPQ_BPI_CTL_TMP |
Internal Controls Enforcer, Process Instance Setup, Control Instance Definition, Test Template |
Add or modify the test plan templates associated with a control definition for a process instance. |
|
Control Instance Definition - Notes |
EPQ_BPI_CTL_NOTES |
Internal Controls Enforcer, Process Instance Setup, Control Instance Definition, Notes |
Enter details about the control instance. |
|
Test Template Instance Definition |
EPQ_BPI_TMP_DEF |
Internal Controls Enforcer, Process Instance Setup, Test Template Instance |
Add or modify a test plan template definition for a process instance. |
|
Test Template Instance Definition - Checklist |
EPQ_BPI_TMP_CHK |
Internal Controls Enforcer, Process Instance Setup, Test Template Instance, Checklist |
Modify test template instance checklist items. |
|
Test Template Instance Definition - Notes |
EPQ_BPI_TMP_NOTES |
Internal Controls Enforcer, Process Instance Setup, Test Template Instance, Notes |
Enter details about a test template instance. |
|
Work Assignment |
EPQ_WORK_ASSIGN EPQ_WKASSIGN_SRC |
Internal Controls Enforcer, Process Instance Setup, Work Assignment |
Assign an owner to one or more process instances. |
|
Reviewer Comment |
EPQ_ADD_COMMENT |
Click the Add Reviewer Comments button on various pages. |
Enter comments. |
|
View Reviewer Comments |
EPQ_VIEW_COMMENT |
Click the View Reviewer Comments link on various pages. |
Review comments. |
Updating Process Instance Definitions
Access the Process Instance Definition - Process Definition page (Internal Controls Enforcer, Process Instance Setup, Process Instance Definition, Process Definition).
The appearance of this page differs depending on the process type; for a business process only the fields in the Process Definition group box are available, there is only a Subprocess tab, and a Notes tab.
|
Displays the current sign-off status. Click the status to access the Internal Controls Sign Off page, where you can review the current sign-off worksheet for this subprocess. |
Process Definition
Use the buttons within the Content Management Documents group box to add, edit, or view documents and images that pertain to the subprocess. This enables your organization to store all pertinent business process documents directly with each subprocess instance. The system uses PeopleSoft Enterprise Portal Content Management pages to manage the documents.
If documents were associated with the subprocess at the “master” level (the risk control repository) they are propagated to each instance when you run the Process Instance Generator process. Once documentation has been associated with a content management document, the content type (file attachment, text or HTML, image attachment, image URL, or website URL) is fixed. To change the content type, you must first access the Enterprise Portal Content Management system to delete the content. Then you can add a different document type.
|
Process Narrative, Process Map, Process Metrics, Policies and Procedures, Best Practice, Other Document 1, and Other Document 2 |
Describes the type of document. After a document is attached, this description is an active link. Click the description to open the current version of the document in a separate window. |
|
Click this button to access the Enterprise Portal Content Management page that enables you to specify the type of file to add, and import the document. Once a file has been uploaded for a document, this button changes to Edit. |
|
|
Click to access the Enterprise Portal Content Management page that enables you to manage the file attachment properties for the document, download the file, or check out the file. |
The labels that are used for these fields are derived from message catalog definitions. You can change the field labels by modifying the text for the associated messages. The message catalog items are within message set number 18145. The following table list the message number IDs that are used as labels for the document fields and the page title that appears on the linked content management page.
|
Document |
Field Label
|
Content Management Page Title |
|
Process Narrative |
1164 |
1237 |
|
Process Map |
1165 |
1228 |
|
Process Metrics |
1166 |
1238 |
|
Policies and Procedures |
1167 |
1239 |
|
Best Practice |
1168 |
1240 |
|
Other Document 1 |
1342 |
1344 |
|
Other Document 2 |
1343 |
1345 |
Information on modifying message catalog definitions is available in your PeopleTools documentation.
See Enterprise PeopleTools 8.50 PeopleBook: PeopleSoft Application Designer Developers Guide
Process Map
The system displays the image of the current version of the process map within this expandable group box, if it has been uploaded as either an image attachment or an image URL.
Note. This field is hidden if the process map is not associated to either the image attachment or the image URL. The web server and FTP server must be the same in order for the image to display.
See Also
PeopleSoft Enterprise Portal 9.1 PeopleBook: Content Management: “Setting Up and Working With Managed Content”
Enterprise PeopleTools PeopleBook: PeopleCode Developer's Guide: “Using File Attachments and PeopleCode”
Reviewing Subprocess Associations for Business Process Instances
Access the Process Instance Definition - Subprocess page (Internal Controls Enforcer, Process Instance Setup, Process Instance Definition, Subprocess).
This page enables you to view the subprocesses that are associated with this business process instance. Click a description to access the Process Instance Definition page for that subprocess.
Updating Subprocess Instance Risk Associations
Access the Process Instance Definition - Risks/Controls page (Internal Controls Enforcer, Process Instance Setup, Process Instance Definition, Risks/Controls).
Insert one or more records within the Risks group box to associate additional risks with this process instance. In Update/Display mode, you must add a new effective-dated row before you can add a new risk association.
|
Risk |
Select the risk to associate with the current process instance. |
|
<risk description> |
Displays the description for the selected risk. Click to access the Risk Instance Definition page, where you can review the details for the risk. |
|
Priority |
Displays the risk's defined priority, either primary, secondary, or tertiary. |
|
Create New Risk |
Click this button to access the Risk Instance Definition page in Add mode, where you can define a new risk that is associated with this process instance. When you create a new risk instance, the system automatically creates a corresponding master-level risk definition. |
|
Select Master Risk |
Click this button to add a risk from the master-level risk control repository to this subprocess instance. A search dialog appears, and the resulting list of available values are the risks defined in the master-level risk control repository. When you select a risk, the processing indicator appears while the system creates the instance-level risk, control, and test plan template definitions for this subprocess instance. |
The Controls grid lists the controls that are associated with each risk.
|
Control and <control description> |
Displays the control ID. Click the description to access the Control Instance Definition page, where you can review the details for the control. |
|
Priority |
Displays the control's defined priority, either primary, secondary, or tertiary. |
|
Type |
Displays the control type. |
|
Status |
Displays the control's current status. Click the status value to access the Control Management page, where you can review status details, and view or initiate a test plan and action plan. |
|
If diagnostics are associated with the control, then this field contains View, otherwise it is blank. Click View to access the Diagnostic Reports By Control page, where you can review the most recent diagnostic report for this control. |
See Also
Understanding the Risk Control Repository
Understanding Subprocess Management
Reviewing Subprocess Instance Elements
Access the Process Instance Definition - Elements page (Internal Controls Enforcer, Process Instance Setup, Process Instance Definition, Elements).
The Elements grid lists the elements that are associated with this subprocess instance definition. The elements are display-only at the instance level; you can only modify them at the master level.
|
Element and <element description> |
Displays the element ID. Click the description to access the Element Definition page, where you can review the details for the element. See Defining Entities. |
If asterisks appear for a risk ranking, it indicates that the ranking was manually entered for that financial element, instead of using the system-calculated rank.
Maintaining Risk Definitions for Instances
Access the Risk Instance Definition page (Internal Controls Enforcer, Process Instance Setup, Risk Instance Definition, Risk Instance).
Insert one or more records within the Controls grid to associate additional controls with this risk instance. In Update/Display mode, you must add a new effective-dated row before you can insert a new control association for this risk instance definition.
Risk Instance Definition
|
Category |
Select the category that applies to this risk. Risk categories are established by using the Risk Category Definition page. |
|
Priority |
Select the priority of this risk, either Primary, Secondary, or Tertiary. When sign-off sheets are generated, you specify the priority level of risks and controls to include. |
|
Create New Control |
Click to access the Control Instance Definition page, where you can create a new control that is associated with this risk. When you create a new control instance, the system automatically creates a corresponding master-level control definition. |
|
Select Master Control |
Click this button to add a control from the master-level risk control repository to this risk instance. A search dialog appears, and the resulting list of available values are the controls defined in the master-level risk control repository. When you select a control, the processing indicator appears while the system creates the instance-level control and test plan template definitions for this risk instance. |
Controls
|
Control |
Select a defined control instance to associate with this risk instance. |
|
Description |
Displays the control description. Click a description to access the Control Instance Definition page, where you can view the details for the control instance. |
|
Priority |
Displays the control priority. |
|
Type |
Displays the control type. |
|
Diagnostics |
If diagnostics are associated with the control, the value for this field is Yes, otherwise it is No. |
Financial Assertions
Access the Risk Instance Definition - Financial Assertions page to add or modify the financial assertions associated with this risk instance (Internal Controls Enforcer, Process Instance Setup, Risk Instance Definition, Fin. Assertion).
|
Financial Assertion |
Select the audit category with which to associate this risk. Financial assertions are established by using the Financial Assertion Definition page. |
Maintaining Control Definitions for Instances
Access the Control Instance Definition page (Internal Controls Enforcer, Process Instance Setup, Control Instance Definition, Control Instance).
|
Manage Control |
Click to access the Control Management page, where you can manage a control's status, review the status of its current test plan or action plan, and initiate a new test plan or action plan. |
Control Instance Definition
|
Control Type |
Select whether this is a manual or automated control. |
|
Category |
Select the control category that applies to this control. Control categories are established by using the Control Category Definition page. |
|
Control Priority |
Select the priority of this control, either Primary, Secondary, or Tertiary. When sign-off sheets are generated, you specify the priority level of risks and controls to include. |
|
Framework |
Select the framework under which this control is categorized. Frameworks are established by using the Framework Definition page. |
|
Specify how often this control should be tested. When sign-off sheets are generated, the system uses the value in this field to determine how to set the Needs Testing field. Options are: Annual: Select to indicate that this control needs to be retested annually. Same as Sign Off: Select to indicate that this control should be retested every time the sign-off process occurs. When this option is selected, the value of the Sign Off Type field, which is specified by using the Internal Control Sign Off Sheet Generator page, determines how often the control needs to be retested, either quarterly, semi-annually, or annually. On sign-off worksheets, the Needs Testing field indicates whether or not a control needs to be retested. The system automatically sets the Needs Testing field to yes when the test frequency is set to Same as Sign Off. If the test frequency is annual, but the value of the Sign Off Type field on the Internal Control Sign Off Sheet Generator page is quarterly, or semi-annual, then the Needs Testing field is set to no. |
|
|
Select the frequency with which the control operates. Options are: Annual, Biweekly, Daily, Monthly, Quarterly, Semiannual, Weekly. This field is informational only, it does not affect any processing. Use this information to ensure that associated action plans provide sufficient lead time for a control to demonstrate its operational effectiveness. |
|
|
Diagnostic and Description |
If an associated diagnostic exists, its ID and description display here, otherwise this field is blank. Click the description to access the Define Diagnostics page, where you can review the diagnostic's details. |
Fin. Assertions (Financial Assertions)
Access the Control Instance Definition - Financial Assertions page to add or modify the financial assertions associated with this control instance (Internal Controls Enforcer, Process Instance Setup, Control Instance Definition, Fin. Assertion).
|
Financial Assertion |
Select the audit category with which to associate this control. Financial assertions are established by using the Financial Assertion Definition page. |
Access the Control Instance Definition - Test Template page (Internal Controls Enforcer, Process Instance Setup, Control Instance Definition, Test Template).
Insert one or more records within the Test Template grid to associate additional controls with this process instance. In Update/Display mode, you must add a new effective-dated row before you can insert a new control association for this risk instance definition.
|
Test Plan Template ID |
Select a defined test plan template instance to associate with this control instance. |
|
Assigned To |
Select the userID of the person to assign as the test plan owner for any test plans that are generated from this template. If this field is left blank, when test plans are generated the test plan owner defaults to the subprocess owner. |
|
Description |
Displays the test template description. Click a description to access the Test Template Instance Definition page, where you can view the details for the test template. |
|
Test Dependency |
Use this field to indicate if the test template for the current row requires that another one of the test templates for this control must take place before it can be executed. Select the test template that is a prerequisite. The list of valid values is limited to templates that are currently associated with this control. This effectively enables you to control the sequencing of test plans that are generated for this control. Test plans that are not dependent on other test plans can be executed anytime and in parallel. Multiple test plans that are dependent on one common test plan can also be executed in parallel, but only after the test plan that they are dependent on is completed or canceled. |
|
Create New Test Template |
Click to access the Test Template Instance Definition page in Add mode, where you can define a new test template to associate with this control instance. When you create a new test template instance, the system automatically creates a corresponding master-level test template definition. |
|
Select Master Test Template |
Click this button to add a test template from the master-level risk control repository to this control instance. A search dialog appears, and the resulting list of available values are the test templates defined in the master-level risk control repository. When you select a test template, the processing indicator appears while the system creates the instance-level test template definitions for this control instance. |
Maintaining Test Template Instance Definitions
Access the Test Template Instance Definition page (Internal Controls Enforcer, Process Instance Setup, Test Template Instance).
Test Template Instance
|
Test Type |
Specify the general format of the test. Options are: Inquiry: Select if the test is primarily conducted by questioning an individual or department. Observation: Select if the test is primarily conducted by viewing that the control is in place. Re-Performance: Select if the test involves reevaluating the control. Review: Select if the test is primarily conducted by reviewing a report. The value that you select for this field does not affect any processing. |
|
Template Attribute |
Select the attribute within which to categorize this test plan template. Attributes are established by using the Template Attribute Definition page. |
Checklist
Access the Test Template Instance Definition - Checklist page to modify the checklist items associated with this test template instance (Internal Controls Enforcer, Process Instance Setup, Test Template Instance, Checklist).
To add items from a defined checklist to the test plan template, specify the checklist ID in the Add Checklist field, then click the Add button. The checklist items appear in the Questions group box. You can add items from multiple checklists.
Checklist items are re-sequenced according to the order in which they are added. For example, if you add two checklists, Checklist1 and Checklist2, in that order, and each checklist contains three items, the items from Checklist1 will be sequenced as 1, 2, 3, and the items from Checklist2 will be sequenced as 4, 5, 6. You can edit the items as well as add or remove individual items by using the add row and delete row buttons within the Questions group box.
|
Checklist Sequence |
Enter a number to control the order in which this item appears. Items appear on the test plan sequentially in ascending order. |
|
Checklist Item |
Enter or edit the text of the question or task for the checklist item. |
Updating Process Instance Owner AssignmentsAccess the Work Assignment page (Internal Controls Enforcer, Process Instance Setup, Work Assignment). Specify the compliance project and entity (and any other optional criteria) for which to modify work assignments, then click Search.
To change the assignment for each subprocess individually, select a user ID in the Assigned To field within the Work Assignment grid, then click Save.
To change the assignment for every subprocess that appears in the Work Assignment grid, expand the Assigned To group box and select a user ID in the Assigned To field, then click Save.
The system sends a notification to each new owner.
Propagating New Risk Control Repository Objects to Process Instances
This section provides an overview of change management and discusses how to update process instances with new risk control repository definitions.
Understanding Change Management
At the process instance level, whenever entity owners create new definitions for risks, controls, and test templates, the system programmatically updates the master-level risk control repository, automatically adding the newly defined objects. If the master risk control repository definitions are modified after the instances have been created, then these changes need to be propagated to the instance definitions. The Change Manager component (EPQ_CHG_MGR) enables entity owners to update their instances with the current master-level risk control repository definitions. No existing instance-level information is overwritten; the system adds only the new definitions.
Alternatively, the risk control repository owner can selectively regenerate process instances by using the Business Process Manager component; however, that does overwrite existing instance definitions.
Page Used to Propagate New Risk Control Repository Objects to Process
Instances|
Page Name |
Definition Name |
Navigation |
Usage |
|
Change Manager |
EPQ_CHG_MGR |
Internal Controls Enforcer, Process Instance Setup, Change Manager |
Enables entity owners to update their instance definitions with any new risk control repository definitions. |
Updating Process Instances with new Risk Control Repository Definitions
Access the Change Manager page (Internal Controls Enforcer, Process Instance Setup, Change Manager).
|
View Repository Information |
Click to access the Business Process Manager component, where you can review the risks, controls, test templates, documentation, and elements associated with the subprocess at the master risk control repository level. |
|
Update from Repository |
Click to update the process instance definitions with any new risk control repository definitions. |
|
Items Added from Repository |
Lists the repository items that were added to the process instance definitions as a result of clicking the Update from Repository button. If there are currently no new items in the risk control repository, then No New Items appears in the grid. |