I am developing an Access-based central database to track risk and internal control issues. This will be used to track internal control issues for FDICIA, Sarbanes-Oxley, etc., and to monitor risks on an enterprise basis. The structure will be based on COSO's Internal Control - Integrated Framework and their upcoming Risk Management Framework (while I do have a life, I am anxiously awaiting COSO's draft Risk Management Framework to be published on 7/15...some would call me sick).
For those of you that fall under FDICIA and / or SOX, and for others that want to comment, how detailed are you going with your tracking and documentation? I am trying to track macro (entity level) risks / controls such as credit, IRR, liquidity, transaction, information security, technology, etc.; risks / controls by department; and risks / controls by process (i.e. wire transfer, loan payments, etc.).
Is anyone else going to this depth? If not, how are you tracking risks and controls? If you are, or would like to, is anyone interested in collaborating on this subject?
_________________________
My opinions are just that...my opinions.