Manage control indicators using the Compliance Workspace

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Manage Control Indicators Using the Compliance Workspace

    The Compliance Workspace facilitates continuous monitoring of key risk and control indicators, essential for compliance administrators and managers. It provides an integrated view of compliance requirements, compliance status, and breakdowns, enabling effective oversight and management.

    Show full answer Show less

    Key Features

    • Indicator Collection: Indicators gather data related to controls and risks, serving as audit evidence.
    • Indicator Templates: Templates allow for the creation of multiple indicators for similar controls or risks.
    • Compliance Overview: This includes various visual reports such as donut charts for overall compliance, entity comparisons, and compliance breakdowns.
    • Authority Documents: These define the policies, risks, controls, and audits necessary for compliance. They can include content reference tags for easier filtering.
    • Citations: Citations break down authority documents into themes, allowing for better management and relationship creation. Content reference tags can also be added here.

    Key Outcomes

    By utilizing the Compliance Workspace, organizations can streamline their compliance activities, improve risk monitoring, and enhance audit readiness. The insights gained from the compliance overview and indicators help in creating issues for controls, updating risk scores, and supporting audit and control testing activities.

    Continuous monitoring involves activities related to identifying and creating key risk and controls indicators. The Compliance Overview is available to compliance administrators and compliance managers, providing an executive view into compliance requirements, overall compliance, and compliance breakdowns.

    Supporting information can be collected for indicators through automatic data collection or manual tasks. Indicator results are then used to create issues for controls, update risk scores, and provide supporting information for audit activities and control testing.
    Indicators
    Indicators collect data to monitor controls and risks, and collect audit evidence. Indicators monitor a single control or risk.
    Indicator templates
    Indicator templates allow the creation of multiple indicators for similar controls or risks.

    Compliance Overview

    Table 1. Compliance Overview reports in the base system
    Name Visual Description
    Compliance Requirements Donut chart Select a wedge to focus on a specific compliance area.
    Overall Compliance Donut chart Displays the overall compliance of all the control requirements in the system. Selecting a specific wedge in the previous widget brings that area into focus.
    Entity Drop down list Select one or more entities to view and compare their compliance across multiple items.
    Control State Check list Select or clear check boxes to view filter reports by control state.
    Compliance by Authority Document Bar Chart Compare level of compliance depending on the selected entity and/or authority document.
    Compliance breakdown Multi-level Pivot View a breakdown of control compliance by related authority documents and policies.
    Non Compliant Entities Column Chart Count of non-compliant control requirements grouped by entity.

    Authority Documents

    Authority documents define policies, risks, controls, audits, and other processes to ensure adherence to the authoritative content.

    Each authority document is defined in a record and the related lists on that record contain the individual conditions of the authority document.

    The relationships of these authority document related list items are visible in the GRC Workbench in the Policy and Compliance Management application.
    Note:
    You can add content reference tags to authority documents. Content reference tags allow you to filter records in order to more easily identify the content packs, integrations, and use case accelerators associated with the authority documents.

    Citations

    Citations contain the provisions of the authority document, which can be interrelated. Citations break down an authority document into manageable themes.

    You can create citations or import them from UCF authority documents and then create any necessary relationships between the citations.
    Note:
    You can add content reference tags to citations. Content reference tags allow you to filter records in order to more easily identify the content packs, integrations, and use case accelerators associated with the citations.