Controls Performance Verification - A Principled Performance Playbook

This Playbook takes a deep dive into one discrete aspect of controls verification – the assurance that controls are operating as designed with an acceptable level of maturity.

In order to drive the attainment of Principled Performance, an organization must focus on effectively managing controls to ensure their operation is an essential aspect of their GRC capability. It is a key “play in the game” and an important building block for success. We have developed this Principled Performance Playbook to provide the reader with some essential guidance and tools to get started. Just like a football Playbook, this document outlines the steps to take – or plays – and sets up the structure for assignment of the various tasks to those in your organization.

Using manual tests and spreadsheets to manage the process can be effective when you have a very small number of controls to track, but this approach becomes extremely inefficient and costly when evaluating hundreds or thousands of controls throughout the organization. Risk management and GRC software providers enable organizations to efficiently and cost-effectively verify controls operation.

The Playbook contains these playsheets: Control Deviation Ranking Tool, Operational Performance Review Sheet, Controls Operation Verification Overview, and a Controls Maturity Assessment Tool. It concludes with a checklist for selecting a technology that enables automated controls verification and transparent records of review activities and findings.

Related Resources