Financial Reporting Compliance Transaction Analysis Duty

Code Name

FBI_FINANCIAL_REPORTING_COMPLIANCE_TRANSACTION_ANALYSIS_DUTY

Job Roles

This duty role is related to the following job roles:

• External Auditor

• Risk Activities Manager

• Risk Administrator

Subject Areas

This duty role secures access to the following subject areas:

• Risk Management Cloud - Assessment Results Real Time

• Risk Management Cloud - Compliance Real Time

Business Questions

This duty role secures access to data that can answer the following business questions:

• What survey questions and responses are related to assessments?

• What are the severity and status of issues?

• What is the status for remediating issues?

• When were assessments initiated?

• Which controls have not been tested for the current fiscal year?

• What two perspective hierarchies are related to documented risks?

• What is the order of the questions presented to the survey participant?

• Who are the owners, editors, and viewers assigned to an assessment batch?

• Who is authorized to access, view, review, and approve assessment results?

• What date was the remediation plan approved or reviewed?

• What are the specific comments for the remediation plan during the approval workflow?

• What assessment batches have been defined?

• Which assessments are overdue?

• What controls are in scope for testing?

• What are the assessment results for those controls that have been tested?

• Which groups are authorized to access, view, review, and approve assessment results?

• What are the defined active key controls?

• What is the document ID of the attachment?

• How many assessment transactions are not completed?

• What Financial Reporting Compliance records have been defined?

• What is the overall compliance status for the current fiscal year and/or quarter?

• What two perspective hierarchies are related to documented controls?

• What three perspective hierarchies are related to documented controls?

• What risk evaluations have been completed for a risk record?

• What is the survey participant's email address?

• Who associated the attachments?

• What is the file name or URL of the attachment?

• When were assessments completed and closed?

• What is the risk and control matrix?

• Who is authorized to review and approve a record (such as process or risk), and are they eligible?

• Which groups of owners, editors, and viewers are assigned to a record (such as control or issue), and are they eligible?

• What three perspective hierarchies are related to documented risks?

• What is the order of the questions as defined in the survey template?

• What events and consequences are associated to a risk?

• What treatment plans are associated to the risk record?

• Which groups of owners, editors, and viewers are assigned to an assessment batch?

• What is the control stratification for each control as it relates to the associated risk record?

• How many attachments have been applied to assessment records?

• What is the attachment type?

• What issues are defined, and what are their relationships to process, risk, and control records?

• Which groups are authorized to review and approve a record (such as process or risk), and are they eligible?

• What risk analyses have been completed for a risk record?

• Which groups are authorized as an issue validator/owner for the assessment result record?

• What questions and responses are related to a particular survey?

• What is the name of the survey template used for a specific survey?

• What is the approval history of the remediation plan?

• What is the timestamp when the attachment was associated?

• What are the results for batch and impromptu assessments?

• What are the results of the control test plans?

• How many controls have and have not been tested for the current fiscal year?

• What two perspective hierarchies are related to documented processes?

• What survey questions and responses are related to objects?

• What is the timestamp the survey participant submitted responses?

• Who approved and reviewed the remediation plan?

• What consequences are associated to the event?

• Who is the issue validator/owner for the assessment result record?

• What is the control stratification for control records associated to a risk record?

• What assessments have been defined?

• When were key controls tested?

• Did the approver accept the assessment result, reject it, or return it for information?

• Who are the owners, editors, and viewers assigned to records (such as process and control), and are they eligible?

• What three perspective hierarchies are related to documented processes?