Manage control indicators using the Compliance Workspace

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Manage Control Indicators Using the Compliance Workspace

    The Compliance Workspace enables continuous monitoring of key risk and control indicators, providing compliance administrators and managers with an executive view of compliance requirements and breakdowns. Data for indicators can be gathered automatically or through manual tasks, which are essential for generating issues, updating risk scores, and supporting audits and control testing.

    Show full answer Show less

    Key Features

    • Indicators: Collect data to monitor specific controls or risks, and gather audit evidence.
    • Indicator Templates: Facilitate the creation of multiple indicators for similar controls or risks.
    • Compliance Overview: Provides various visual reports including:
      • Compliance Requirements: Donut chart focusing on specific compliance areas.
      • Overall Compliance: Displays overall compliance status across all control requirements.
      • Entity Selection: Allows comparison of compliance across selected entities.
      • Control State Filtering: Enables report filtering by control state.
      • Compliance by Authority Document: Bar chart comparing compliance levels based on selected entities.
      • Compliance Breakdown: Multi-level view of control compliance related to authority documents and policies.
      • Non-Compliant Entities: Column chart showing counts of non-compliant requirements by entity.
    • Authority Documents: Define policies, risks, and controls, with related lists visible in the GRC Workbench for easy management.
    • Citations: Break down authority documents into themes, allowing for creation or import from UCF documents, with interrelationships manageable through content reference tags.

    Key Outcomes

    Utilizing the Compliance Workspace empowers organizations to effectively monitor compliance, manage risks, and streamline audit processes. Customers can expect improved visibility into compliance areas and better management of control indicators, ultimately leading to enhanced decision-making and adherence to policies.

    Continuous monitoring involves activities related to identifying and creating key risk and controls indicators. The Compliance Overview is available to compliance administrators and compliance managers, providing an executive view into compliance requirements, overall compliance, and compliance breakdowns.

    Supporting information can be collected for indicators through automatic data collection or manual tasks. Indicator results are then used to create issues for controls, update risk scores, and provide supporting information for audit activities and control testing.
    Indicators
    Indicators collect data to monitor controls and risks, and collect audit evidence. Indicators monitor a single control or risk.
    Indicator templates
    Indicator templates allow the creation of multiple indicators for similar controls or risks.

    Compliance Overview

    Table 1. Compliance Overview reports in the base system
    Name Visual Description
    Compliance Requirements Donut chart Select a wedge to focus on a specific compliance area.
    Overall Compliance Donut chart Displays the overall compliance of all the control requirements in the system. Selecting a specific wedge in the previous widget brings that area into focus.
    Entity Drop down list Select one or more entities to view and compare their compliance across multiple items.
    Control State Check list Select or clear check boxes to view filter reports by control state.
    Compliance by Authority Document Bar Chart Compare level of compliance depending on the selected entity and/or authority document.
    Compliance breakdown Multi-level Pivot View a breakdown of control compliance by related authority documents and policies.
    Non Compliant Entities Column Chart Count of non-compliant control requirements grouped by entity.

    Authority Documents

    Authority documents define policies, risks, controls, audits, and other processes to ensure adherence to the authoritative content.

    Each authority document is defined in a record and the related lists on that record contain the individual conditions of the authority document.

    The relationships of these authority document related list items are visible in the GRC Workbench in the Policy and Compliance Management application.
    Note:
    You can add content reference tags to authority documents. Content reference tags allow you to filter records in order to more easily identify the content packs, integrations, and use case accelerators associated with the authority documents.

    Citations

    Citations contain the provisions of the authority document, which can be interrelated. Citations break down an authority document into manageable themes.

    You can create citations or import them from UCF authority documents and then create any necessary relationships between the citations.
    Note:
    You can add content reference tags to citations. Content reference tags allow you to filter records in order to more easily identify the content packs, integrations, and use case accelerators associated with the citations.