Control 3.3: Compliance and Regulatory Reporting - Verification & Testing
This playbook provides verification and testing procedures for Control 3.3.
Verification Steps
1. Report Generation
- Execute weekly control status report
- Verify all 71 controls appear with accurate status
- Confirm pillar scores calculate correctly
2. Distribution Workflow
- Send test report to distribution list
- Verify approval workflow triggers
- Confirm archive to SharePoint succeeds
3. Regulatory Alignment
- Review control-to-regulation mapping
- Verify evidence links are valid
- Test examination package generation
4. Dashboard Accuracy
- Compare dashboard metrics to source data
- Verify trend calculations are correct
- Test drill-down functionality
Compliance Checklist
| Item | Required For | Status |
|---|---|---|
| Weekly control status reports | Internal governance | |
| Monthly executive dashboard | SOX 302/404 | |
| Quarterly audit packages | External audit | |
| Examination ready packages | FINRA/SEC/OCC | |
| 7-year report retention | FINRA 4511, SEC 17a-4 | |
| Executive sign-off workflow | SOX 302 | |
| Automated report generation | Operational efficiency |
Test Cases
Test Case 1: Weekly Report Generation
Objective: Verify automated weekly report generates correctly
Steps:
- Trigger weekly report flow manually
- Verify report contains all four pillars
- Check compliance scores are calculated
- Confirm report is saved to SharePoint
Expected Result: Report generates with accurate data and archives successfully
Test Case 2: Approval Workflow
Objective: Verify monthly report requires CCO approval
Steps:
- Generate monthly regulatory report
- Verify approval request sent to CCO
- Approve the report
- Confirm report distributes to recipients
Expected Result: Report held until approval, then distributed
Test Case 3: Examination Package
Objective: Verify regulator-specific packages include correct documents
Steps:
- Generate FINRA examination package
- Verify all 8 required documents listed in manifest
- Generate SEC package
- Verify different document set
Expected Result: Each regulator package contains appropriate documents
Evidence Collection
For regulatory examinations, collect:
- Screenshot of Compliance Manager dashboard
- Export of control status report
- SharePoint archive showing report retention
- Power Automate flow run history
- Approval workflow completion records
Next Steps
- Portal Walkthrough - Manual configuration
- PowerShell Setup - Automation scripts
- Troubleshooting - Common issues
Updated: January 2026 | Version: v1.2