Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?
Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?
To manage internal or external consultancy processes that aim to prove the effectiveness of controls, the appropriate GRC application is Audit Management. Audit Management specifically focuses on evaluating and validating the effectiveness of an organization's controls through audits. It provides a structured approach for scheduling, executing, and maintaining audits, thereby ensuring that controls are functioning as intended. While Policy and Compliance Management deals with the development and adherence to policies and regulations, and Risk Management focuses on identifying and mitigating risks, Audit Management is directly concerned with the auditing process to prove control effectiveness.
https://docs.servicenow.com/ja-JP/bundle/tokyo-governance-risk-compliance/page/product/grc-audit/concept/audit-management.html
sorry it's D. key words are "internal" and "external"
D is correct
D is correct. Policy and Compliance Management manages the process. Not Audit management.
D is correct.
D: The ServiceNow Policy and Compliance Management product provides a centralized process for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and benchmarks. Additionally, the application provides structured workflows for the identification, assessment, and continuous monitoring of control activities. A: The Audit Management automates the work streams of internal audit teams, optimizing resources and productivity, and eliminating recurring audit findings. Audit Management uses compliance and risk data to scope, plan, and prioritize audit engagements. The on-going review of policies and procedures, risks, and control breakdowns provide an opportunity for fixing issues before they become audit failures.
Please ignore the previous response. In Audit management process, the control tests performs a design and/or operation test to determine the overall effectiveness of a control
Policy and Compliance Management, but I thought it would have been Risk Management, which includes functionality to measure control effectiveness? From the textbook: "create the manual factor for Control Effectiveness, which calculates the control effectiveness score on the Control Effectiveness Assessment"(pg 243)? More on the process, here: https://docs.servicenow.com/bundle/vancouver-governance-risk-compliance/page/product/grc-risk/task/c... Alternatively, this link shows how audit management also can measure control test effectiveness https://docs.servicenow.com/bundle/tokyo-governance-risk-compliance/page/product/grc-audit/concept/i... Seems like it can really go either way
D is correct*