Versions Compared

Version Old Version 2 New Version 3
Changes made by

Tristan Mohn

Tristan Mohn

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Benefits

...

A control is an activity or technical configuration put in place to satisfy an requirement, which is called an objective in ZenGRC. Controls are the only objects that are tested in the Audits module, which are then "accessed" in an assessment. Assessments are typically made after evidence over the effectiveness of a control has been submitted.

Overview

...

Assessments are made on the 1) Design and the 2) Operation of a control by selecting either “Effective” or “Ineffective”. Typically, controls receiving an “Ineffective” rating in either category need a corresponding issue created. The status of assessments are tracked in Audits.

Viewing and Evaluating Control Assessments

...

Info
titleNOTE

This section describes actions conducted on the Audit summary page, which opens from the Audits visual display page.

To view and evaluate a control assessment on the Audit summary page, complete the following steps:

  1. On the Audits visual display page, select the audit from the dropdown.
  2. Click the Assessments tab. 
  3. Scroll to the desired control assessment and click the link in the Title column.



  4. A dialog box displays with several steps for verifying or declining the control assessment.



  5. If the page opens in the Details tab, click the Attachments sub tab to review evidence.Enter
  6. a comment in the Comments text box.
    Tip
    titleTIP
    If you need additional information or need to decline the assessment, add your reasons

    To add a reason behind declining or verifying the assessment, click the Comments sub tab.

    Image Added

  7. Enter a comment in the Comments text box

    .Click

    and click Send to post

    the comment

    .

  8. In the Design dropdown box, select one of the following:
    1. --- - No rating. The control has not been rated. The page defaults to this.
    2. Effective - The control's design works as intended.
    3. Ineffective - The control's design does not work as intended.
    4. N/A - Rating the design is not applicable or can't be done.
  9. In the Operational effectiveness dropdown box, select one of the following:
    1. --- - No rating. The control has not been rated. The page defaults to this.
    2. Effective - The control is operating as intended.
    3. Ineffective - The control is not operating as intended.
    4. N/A - Rating the operational effectiveness is not applicable.
  10. Click the newly activated Complete Assessment buttonClick Decline Assessment if the evidence does not support the control's effectiveness or Verify Assessment if it does.

Tip
titleTIP

You can also create an issue from this dialog box if problems are found. Click Create Issue to map the issue to this assessment. Then follow the instructions in the Creating Issues section of this tutorial.

...

  1. Click one of the percentages displayed beside a status.
    1. All - This shows all control assessments, regardless of status.
    2. Open - This displays control assessments currently being worked on.
    3. Effective - This displays control assessments that have been researched and deemed effective.
    4. Ineffective - This shows control assessments that have been researched and deemed ineffective.
      Open - This displays control assessments currently being worked on.
      Image Removed
      Image Added

  2. The page refreshes with results.

Tip
titleTIP

Additional information about the remaining assessment fields is part of a details view that is standard across all objects in ZenGRC. Please see Navigation for more documentation.