The Risk, Security & Compliance Assessment (RSCA) approach is used to evaluate the current state of security and compliance activities for SOx remediation initiatives. RSCA is a three-step methodology that covers Planning and Data Collection, Risk and Security Assessment, and Tracking and Reporting.
Each organization has its own audit process that defines the scope of an audit, the methodology for carrying it out and how findings are reported. When findings fall into the realm of GRC, they should be handed off to an RSCA team for tracking and oversight of remediation.
Internal Audit, SOx Oversight, IT Organizations, Process Owners and external Assessment Agency
RSCA Tracking and Reporting
When a finding has been identified as a risk to the company, it needs to be tracked to resolution. That is not the end of the process: the resolution should also be packaged in a final report back to Audit for review and closure.
A process narrative is a story or a guide to define what processes your group performs and how they perform them. It’s not a high level document written from 10,000 feet up. But it’s also not a detailed installation guide. It’s a story of what you do.
A well-written narrative reduces the misunderstandings that verbal communication can create when talking to auditors or coordinating backup/recovery tasks with other departments, and it serves as a reference document for your staff during emergencies when stress levels are high.
Written processes also help your team capture the little details that seem normal and commonplace to you because you do the job. When you talk about the process and explain it to someone else, you might leave those details out: they are just part of what you do, so you don't think about them, you simply do them. But others may need to know those little things to fill in the gaps in their own processes.