The type of risk rating that is left after controls are added to the inherent risk rating.
What is residual risk rating?
This system of record is used for routing disclosures through review and approval workflows.
What is ConvergePoint?
These lines of defense submit recommendations for gap mitigation.
What is 1LOD, 2LOD, and 3LOD? and/or What is Self ID, CC/ERM, and IA?
PCSA is the acronym for this drive led by the Controls team.
Process & Control Self Assessment
This control is essential for mitigating significant risks.
What is a key control?
Governance requires this minimum frequency for reviewing disclosures to ensure compliance and accuracy.
What is once every two years?
This is the location where you can access the Monthly Findings/Issues Report, 2LOD/3LOD Upcoming Audit and Review Dates, and other risk-related resources.
What is the Business Risk Office (BRO) SharePoint site?
Name the item that was mapped to each aligned process as part of the prework for the PCSA.
What is procedure?
This is an inventory of all the controls we have captured to date with all their attributes.
What is a control library?
This centralized repository contains all disclosures across products and business units, complete with metadata like document owner, review authority matrix, and renewal dates.
What is the Enterprise Disclosure Inventory?
This is the response we provide to 2nd and 3rd lines describing our remediation activities and due date.
What is a Management Action Plan (MAP)?
The Control Team used this Six Sigma method to document and better understand the high-level process.
What is SIPOC?