SOP - Stage 5: Monitoring and Improvement

Question 1

Why might CM require update?

Answer 1

To align to updates to business operations and process objective.

Question 2

What are the two purposes of Stage 5: Monitoring and Improvement?

Answer 2

1. Assess ongoing effectiveness
2. Optimise CM where possible

Question 3

What are the 3 key activities in Stage 5: Monitoring and Improvement?

Answer 3

1. Complete self-assessment
2. Complete independent CM testing
3. Change or decommission CM

Question 4

How is CM self-assessed?

Answer 4

Via a Continuous Monitoring Self-Assessment (CMSA)

Question 5

Why is CM self-assessed?

Answer 5

To determine whether the CM design meets its objective and is operating as designed.

Question 6

What are 4 triggers for Continuous Monitoring Self-Assessment (CMSA)?

Answer 6

1. Annual PH process certification
2. A material event
3. Findings (moderate and above)
4. Indicator (red) linked to the CM/Process

Question 7

What should be done if Continuous Monitoring Self-Assessment (CMSA) result is Not Effective?

Answer 7

Create Finding and Treatment Plan

Question 8

Who undertakes periodic independent testing of CM and why?

Answer 8

CCoE do independent testing as an ongoing governance mechanism to ensure the integrity of the CM.

Question 9

Where is the Continuous Monitoring Self-Assessment (CMSA) uploaded?

Answer 9

SharePoint

Question 10

Where are independent CM testing results (and applicable Findings) uploaded?

Answer 10

GRACE - Second Line Review tab

Question 11

If CM design or operation is determined to be Not Effective, what two things must Process Owners do?

Answer 11

1. Inform owners who have controls, risks, and obligations that are linked to the CM.
2. Respond to the findings in GRACE with a TP