Assessments rate the effectiveness of a control in two ways: 1. Design; 2. Operation. Typically, controls receiving an “Ineffective” rating in either category need a corresponding issue created. The status of assessments is tracked in Audits.

...

Accessing Control Assessments from Audits

...

Administrators and those with additional permissions access requests from the Audits module.

NOTE: This section describes actions conducted on the Audit summary page, which opens from the Audits visual display page.

To view and evaluate a control assessment on the Audit summary page, complete the following steps:

  1. On the Audits visual display page, select the audit from the dropdown.
  2. Click the Assessments tab. 
  3. Scroll to find the desired control assessment and click the link in the Title column.



  4. A dialog box displays with several steps for verifying or declining the control assessment.



  5. If the page opens in the Details tab, click the Attachments sub tab to review evidence.

Accessing Assessments from the To-Do List

...

Those with limited permissions who are assigned requests will only have access to them from their To-Do List.

TIP: For additional information, please see To-Do List.

Evaluating Control Assessments

...

You can open control assessments in several ways, with the main access points coming from the To-Do List and Audits. 

  1. If the Attachments area is not already displaying, select that sub tab.

  2. Review evidence on the Attachments sub tab.
  3. To add a reason behind declining or verifying the assessment, click the Comments sub tab.
  4. Enter a comment in the Comments text box and click Send to post. This only saves the comment; it does not affect the status of the assessment.
  5. After review, there are two selections in the upper-left corner:
    • Conclusion: Design – Control language is appropriate and it satisfies the objective. In the Design dropdown box, select one of the following:
      1. --- - No rating. The control has not been rated. The page defaults to this.
      2. Effective - The control's design works as intended.
      3. Ineffective - The control's design does not work as intended.
      4. N/A - Rating the design is not applicable or can't be done.
    • Conclusion: Operational – Control is working effectively. If it is ineffective, create an issue and report a finding that you can work on. In the Operational effectiveness dropdown box, select one of the following:
      1. --- - No rating. The control has not been rated. The page defaults to this.
      2. Effective - The control is operating as intended.
      3. Ineffective - The control is not operating as intended.
      4. N/A - Rating the operational effectiveness is not applicable.
    Click Decline Assessment if the evidence does not support the control's effectiveness or Verify Assessment if it does.

...


  1. Click Verify Assessment. This is the selection even if the conclusion for the design and/or operation is deemed ineffective. This sets the status to Completed and shows that the control either is or is not effective. 
  2. Alternatively, click Decline Assessment to set the status back to Open. This notes that the information is incomplete and sends it back to the assignee to provide additional evidence. It does not close or complete the assessment.

Viewing Additional Details

...

Assessments, requests and tasks have a toggle button to display more or less information. 

To alter your view, complete the following steps:

  1. On the assessment, click Show less for a streamlined view of only the Attachments and Comments sub tabs.

  2. Alternatively, if you need more details, click Show more to display all sub tabs and other fields.

Filtering Control Assessments

...

TIP: Additional information about the remaining assessment fields is part of a details view that is standard across all objects in ZenGRC. Please see Navigation for more documentation.

Exporting Assessments

...

Assessments can be exported for external auditors or any other reviewers your organization may have. The export can be formatted as a CSV or as a zip file with the attachments inside.
