PACE 2.0

Question 1

What are the 7 PACE steps?

Answer 1

1. Understand core business activities
2. Develop process objective
3. Document process model and identify controls
4. Analyse controls and review linkages
5. Raise findings and treatment plans
6. Overlay controls, obligations, and risks
7. PACE certification and model approval

Question 2

What does PACE focus on?

Answer 2

The link between processes and controls

Question 3

In PACE 2.0, what risks and obligations will you have?

Answer 3

Only those related to processes you execute

Question 4

What will process objective capture?

Answer 4

• Business objectives
• Obligation compliance
• Risk mitigation
• Continuous monitoring (where relevant)

Question 5

What are PACE Coaches two key responsibilities to ensure?

Answer 5

1. PACE methodology is followed
2. Colleagues are appropriately trained and skilled to execute PACE

Question 6

Will PACE actively manage obligations or risk exposure?

Answer 6

No

Question 7

How will obligations be managed?

Answer 7

Through the Compliance Plan

Question 8

How will risks be managed?

Answer 8

Through risk profiling

Question 9

What will be the source of truth for controls supporting obligation or risk management?

Answer 9

GRACE

Question 10

Will the PACE Coach validate analysis of processes?

Answer 10

No

Question 11

Will PACE Coach QA models?

Answer 11

No

Question 12

When will relevant risks and obligations be agreed on?

Answer 12

At the start of PACE in a workshop

Question 13

Who is responsible for identifying risks and obligations relevant to in-scope processes?

Answer 13

‘Managers’ for Process, Risk, and Obligations

Question 14

After understand core process activities, what happens if it is determined that these aren’t included in the risk profile?

Answer 14

Risk Manager requests a Risk Profile refresh

Question 15

Who is responsible for ensuring process changes are reflected in Process Hub?

Answer 15

Process Model Owner

Question 16

Who is responsible for the execution of business activities (L4 processes)?

Answer 16

Process Owners/Managers

Question 17

What does individual control analysis check for?

Answer 17

Confirming if control objective supports process objective.

Question 18

What happens if an individual control objective does not match process objective?

Answer 18

A Finding is raised to have the control updated.

Question 19

When controls are analysed collectively, when it is decided that a gap has been identified?

Answer 19

If controls do not cover all aspects of the process objective (business performance requirements, obligation execution, risk exposure). Unless a risk has been ‘risk accepted’ with no controls.

Question 20

Who documents the process model steps?

Answer 20

• Process Model Owner
• PACE Process SME

Question 21

Who identifies/analyses controls?

Answer 21

• Process Model Owner
• PACE Controls SME

Question 22

How do we ensure the correct anticipated risks and obligations are automatically overlayed onto the process model once published?

Answer 22

The control-risk and control-obligation linkages are reviewed in GRACE. If they’re not aligned to what was agreed in the process objective workshop, the PMO or PACE Controls SME must create a Finding to address this

Question 23

How is the model finalised (seven tasks)?

Answer 23

1. PMO or PACE Controls SME overlays controls on the model.
2. Process Owner/Manager confirms model and controls are correct.
3. PMO validates the linkages align to agreed objective.
4. Findings/TPs raised in GRACE if required.
5. PACE Process SME submits the model.
6. PACE Coach certifies the model.
7. Process Owner/Manager provides final approval.