GRACE Personas Flashcards
What are the 6 core personas in GRACE?
- Owner
- Manager
- GRC Facilitator
- Review & Challenge
- General User
- Librarian
What are 4 additional GRACE roles?
- Independent Control Testers
- BES Submitter/Lead/Delegate
- MOI Manager
- Regulatory Management Contributor & Viewer
What is an Independent Control Tester responsible for?
Key role in control assurance: schedule TCTs, perform targeted Control tests, and similar.
In GRACE, what does BES stand for?
Business Environment Summary
What does a BES Submitter/Lead/Delegate do?
Create, read, and update Business Environment Summaries
In GRACE, what does MOI stand for?
Matters of Interest
True or false: MOI Manager is a specialist Risk role with elevated access in the Finding/Treatment Plan module?
True
Who is accountable for a record?
Record Owner
Can a Record Owner nominate an “Owner’s Delegate” to assist with managing records?
Yes
True or False: Owner’s Delegates are unable to provide approvals as part of managing records?
This is false – A delegate can provide approvals, assuming this is part of their delegated responsibilities.
Who would generally be a Record Owner?
This role is generally held by a GM or HO.
What are Record Owner key responsibilities?
- Accountable for assigned records and associated approvals.
- Responsible for linkages to their records.
- Approve assessments.
Who would normally be a Record Manager?
Typically, a 2IC of an Owner. They are nominated by the Owner for GRC Facilitator.
What must a Record Manager do?
- Day-to-day responsibilities for managing record details in the system.
- Support the Owner to help monitor and review records through to closure/retirement/withdrawal.
Who will a Record Manager work closely with to ensure effective management of records?
DCO
Who is responsible for performing assessments for Control Records?
Record Manager
Can a Record Manager create, manage, and initiate closure/retirement/withdrawal for their assigned records?
Yes
What records can a Record Manager manage?
- Risk
- Controls
- Events
- Findings & Treatment Plan
- Indicators
Do all NAB employees have access to GRACE in their NAB single sign on profile?
Yes
Who can create, modify, manage, retire, close, or withdraw records in GRACE?
- Owner
- Manager
- GRC Facilitator
- General User
Who can be considered a General User of GRACE?
Anyone from NAB
What key attributes/responsibilities does a General User have?
- Responsible for identifying risk.
- Is the eyes and ears of the Organisation.
What is a GRC Facilitator?
- An SME with enhanced system access.
- Typically, a specialist from Enterprise Controls/Divisional Controls, however, could also be from the Business.
What do GRC Facilitators do?
- Triage, edit, and provide guidance on a broad range of records.
- Help coordinate risk management activities and insights.
- Provide guidance/expertise to help Business manage their records.
- Complete activities on behalf of Owner or Manager.
Who provides review & challenge in GRACE?
- 2nd Line Risk Specialist
- Typically, a Senior Manager or Senior Risk Partner
Is a 2nd Line Risk Specialist part of the workflow in GRACE?
No
What does a 2nd Line Risk Specialist do in GRACE?
- Review and challenge of a record.
- Independently monitor and manage risks (not part of formal record workflow).
- Create and read records (as a General User).
What is a GRACE Librarian?
Risk Specialist responsible for creating, modifying, and managing library records.
Is a GRACE Librarian part of the normal workflow of a record?
Only for Obligations; otherwise, no.
What does a GRACE Librarian do regarding Obligations?
- Create Master Obligations
- Assign Obligation Owner & Manager
- Create Obligation Instances from the relevant Master Obligation and assign them to the appropriate node in the hierarchy.
- Close/retire Master Obligations and Obligation Instances.