GRACE Personas

Question 1

What are the 6 core personas in GRACE?

Answer 1

1. Owner
2. Manager
3. GRC Facilitator
4. Review & Challenge
5. General User
6. Librarian

Question 2

What are 4 additional GRACE roles?

Answer 2

1. Independent Control Testers
2. BES Submitter/Lead/Delegate
3. MOI Manager
4. Regulatory Management Contributor & Viewer

Question 3

What is an Independent Control Tester responsible for?

Answer 3

Key role in control assurance: schedule TCTs, perform targeted Control tests, and similar.

Question 4

In GRACE, what does BES stand for?

Answer 4

Business Environment Summary

Question 5

What does a BES Submitter/Lead/Delegate do?

Answer 5

Create, read, and update Business Environment Summaries

Question 6

In GRACE, what does MOI stand for?

Answer 6

Matters of Interest

Question 7

True or false: MOI manager is a specialist Risk role with elevated access in the Finding/Treatment Plan module?

Answer 7

True

Question 8

Who is accountable for a record?

Answer 8

Record Owner

Question 9

Can a Record Owner nominate an “Owner’s Delegate” to assist with managing records?

Answer 9

Yes

Question 10

True or False: Owner’s Delegates are unable to provide approvals as part of managing records?

Answer 10

This is false – A delegate can provide approvals, assuming this is part of their delegated responsibilities.

Question 11

Who would generally be a Record Owner?

Answer 11

This role is generally held by a GM or HO.

Question 12

What are Record Owner key responsibilities?

Answer 12

• Accountable for assigned records and associated approvals.
• Responsible for linkages to their records.
• Approve assessments.

Question 13

Who would normally be a Record Manager?

Answer 13

Typically, a 2IC of an Owner. They are nominated by the Owner for GRC Facilitator.

Question 14

What must a Record Manager do?

Answer 14

• Day-to-day responsibilities for managing record details in the system.
• Support the Owner to help monitor and review records through to closure/retirement/withdrawal.

Question 15

Who will a Record Manager work closely with to ensure effective management of records?

Answer 15

DCO

Question 16

Who is responsible for performing assessments for Control Records

Answer 16

Record Manager

Question 17

Can a Record Manager create, manage, and initiate closure/retirement/withdrawal for their assigned records?

Answer 17

Yes

Question 18

What records can a Record Manager manage?

Answer 18

• Risk
• Controls
• Events
• Findings & Treatment Plan
• Indicators

Question 19

Do all NAB employees have access to GRACE in their NAB single sign on profile?

Answer 19

Yes

Question 20

What can create, modify, manage, retire, close, withdraw records in GRACE?

Answer 20

• Owner
• Manager
• GRC Facilitator
• General User

Question 21

Who can be considered a General User of GRACE?

Answer 21

Anyone from NAB

Question 22

What key attributes/responsibilities does a General User have?

Answer 22

• Responsible for identifying risk.
• Is the eyes and ears of the Organisation.

Question 23

What is a GRC Facilitator?

Answer 23

• An SME with enhanced system access.
• Typically, a specialist from Enterprise Controls/Divisional Controls, however, could also be from the Business.

Question 24

What do GRC Facilitators do?

Answer 24

• Triage, edit, and provide guidance on a broad range of records.
• Help coordinate risk management activities and insights.
• Provide guidance/expertise to help Business manage their records.
• Complete activities on behalf of Owner or Manager.

Question 25

Who provides review & challenge in GRACE?

Answer 25

• 2nd Line Risk Specialist
• Typically, a Senior Manager or Senior Risk Partner

Question 26

Is a 2nd Line Risk Specialist part of the workflow in GRACE?

Answer 26

No

Question 27

What does a 2nd Line Risk Specialist do in GRACE?

Answer 27

• Review and challenge of a record.
• Independently monitor and manage risks (not part of formal record workflow).
• Create and read records (as a General User).

Question 28

What is a GRACE Librarian?

Answer 28

Risk Specialist responsible for creating, modifying, and managing library records.

Question 29

Is a GRACE Librarian part of the normal workflow of a record?

Answer 29

Only for Obligations; otherwise, no.

Question 30

What does a GRACE Librarian do regarding Obligations?

Answer 30

• Create Master Obligations
• Assign Obligation Owner & Manager
• Creating Obligation instances from relevant Master Obligation and assigning this to the appropriate node in the hierarchy.
• Closing/retiring Master Obligations and Obligation Instances.