Can someone help me with GRC questions?

vijayr2313
Tera Contributor

I'm preparing for the exam and some of the questions below are confusing, so if you guys could give me the correct answers that would be great.

 

Who can send the Policy back to draft or forward it by requesting approval? (Select three)
Approvers
Owning Group
Owner
Reviewers

 

Control Failure Factor represents the impact of Control Failures on what score?
Residual
Inherent
Calculated
Total

 

When selecting policy exception sources: (Select four)
Only Policies in Review can be selected.
Issues in Draft or Retired state cannot be selected.
The selected Policy, Control Objective, and Issues must be related.
Only Issues with an active control can be selected.
Only Issues in Respond state can be selected.
Only published Policies can be selected.

 

Which role(s) has the capability to create Policies? (Choose two.)
Compliance User
Risk Manager
Compliance Manager
Compliance Admin

 

David is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can manage the audit process as well as other GRC functions related to audit? (Choose two)
sn_grc.manager
sn_grc.reader
sn_grc.user
sn_grc.developer
sn_audit.user

 

The Risk Scoring values are entered on the Risk Statement. What records inherit the values from the Risk Statement?
Risk Criteria Matrix
Registered Risk
Risk Framework
Risk Response Issue

 

If a company is performing similar tests across many of their technical and process controls, what will be the best approach?
Create a test plan for each control
Create Engagement templates
Leverage test templates
Create a test plan for all controls

 

Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?
Risk Management
Audit Management
Policy and Compliance Management
Vendor Risk Management

 

The Entity Filter record requires which mandatory field to be completed?
a) Filter date
b) Filter name
c) Conditions
d) Source table

2 REPLIES

SoniaShridhar13
Giga Guru

@vijayr2313 Hi!

Please find the answers below:

Control Failure Factor represents the impact of Control Failures on what score? --> Residual

Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls? --> Policy & Compliance Management

The Risk Scoring values are entered on the Risk Statement. What records inherit the values from the Risk Statement? --> Risk Criteria Matrix

David is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can manage the audit process as well as other GRC functions related to audit? (Choose two) -->
sn_grc.manager
sn_grc.user

Which role(s) has the capability to create Policies? (Choose two.) -->

Compliance Manager
Compliance Admin

 

Please mark it helpful if it helps...

Thanks,

Sonia

Hi @SoniaShridhar13, could you please explain the rationale behind this one: Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls? 

You mentioned Policy and Compliance Management, but I thought it would have been Risk Management, which includes functionality to measure control effectiveness? From the textbook: "create the manual factor for Control Effectiveness, which calculates the control effectiveness score on the Control Effectiveness Assessment" (pg 243)? More on the process, here: https://docs.servicenow.com/bundle/vancouver-governance-risk-compliance/page/product/grc-risk/task/c...

 

Alternatively, this link shows how audit management also can measure control test effectiveness: https://docs.servicenow.com/bundle/tokyo-governance-risk-compliance/page/product/grc-audit/concept/i...

 

Seems like it can really go either way