OCEG Online / PR1.2 Implement and Manage Controls, Policies & Procedures

AboutMission & StructureFounders & Leadership CouncilAdvisory BoardSteering CommitteeMedia Partners/AffiliatesManagement TeamContact Us / FeedbackTechnology CouncilStandards & GuidelinesFrameworkProcess FoundationRisk Area DomainsExposure DraftsTechnology / XMLResourcesGRC illustrated seriesTopics & GroupsCase StudiesGRC360 MagazineExposure DraftsGRC SourceBlogsGRC 360° - Driving Principled Performance™GRC TechnologyOCEG Technology BlogBenchmarking SeriesAudit & EvaluationMeasurement & Metrics GuideUpcoming EventsWebinar SeriesMember to Member NetworkNews & AnnouncementsJob Postingswhy join?How Can OCEG Help Me?Benefits Overview:: Governance:: Risk Management:: Audit:: Compliance:: Ethics & culture:: Technologyjoin / upgrade now

Measurement + Benchmarking

Events + Networking

why join?

You are here :: home > knowledge network > FND-OCEG Foundation "Red Book" v1 > P-Process > PR-Prevent, Protect & Prepare > PR1-General Controls, Policies & Procedures > PR1.2 Implement and Manage Controls, Policies & Procedures

PR1.2 IMPLEMENT AND MANAGE CONTROLS, POLICIES & PROCEDURES

Implement, communicate and manage controls, policies and procedures to ensure that they operate and continue to be relevant.

Management should implement, manage, and monitor policies/procedures to ensure that they are in place and followed. Typically, the implementation of a policy/procedure should be accompanied by a communication regarding its implementation and an overview of its contents. Given the target audience or audiences, an appropriate communication channel must be selected. All policies/procedures should be periodically reviewed and updated to ensure that they reflect any changes in laws, rules, or regulations. If changes are significant, management should consider triggering a comprehensive planning process to more appropriately respond to the change.

Standards & Guidance

Establish standards and procedures to prevent and detect criminal or unacceptable conduct

Establish procedures to ensure program is followed, including procedures to detect criminal or unacceptable conduct

Ensure that policies are:
> appropriate to the entity's purposes
> include a commitment to comply with requirements
> provide a framework for establishing and reviewing entity objectives related to the policy
> communicated and understood within the entity
> reviewed for continuing suitability

Core Practices

PR1.2.101

Obtain evidence that each control/policy/procedure was implemented

PR1.2.102

Obtain evidence that each control/policy/procedure was communicated to the target audience

Additional Practices

PR1.2.201

Confirm target audience's receipt of control/policy/procedure

PR1.2.202

Confirm target audience's understanding of policy/procedure via assessment

PR1.2.203

Define help desk procedures for questions regarding policies and procedures

PR1.2.204

Define procedure to notify help desk of any additions, modifications or expiration of policies

GUIDELINE DETAILS

Actions:	Download
Legend:	Source / Reference Resource Domain Supplement