Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Live Search
spaceKeyZenGRCOnboardingGuide
additionalnone
placeholderSearch our site
typepage

Benefits


A control is an activity or technical configuration put in place to satisfy a requirement, which is called an objective in ZenGRC. Controls are the only objects that are tested in the Audits module, which are then "assessed" in an assessment. Assessments are typically performed after evidence showing the control in action has been submitted.

Overview


This documentation highlights additional functionality that audit managers or administrators may need. For streamlined steps on how to finish your portion of an assignment, please see Quick Tips for Assessments.

When an audit is started, assessments are automatically created on a one-to-one basis with the audit's controls. Assessments rate the effectiveness of a control in both design and operation. To make the process more efficient, you can review the associated details of the control (title, description and, test plan) on the assessment itself. In order to perform the control assessment, the related objectives (on the Design tab) and the related evidence requests (on the Operational Effectiveness tab) can be reviewed on the assessment card as well.

After reviewing the necessary information, the assessor can evaluate the control on a design and operational effectiveness level. Typically, if a control receives an “Ineffective” rating in either category, then a corresponding issue is created. See the issue creation process in Working with Issues.

Info
titleNOTE

Audit managers and those with additional permissions access requests from the Audits module, while those with limited permissions access assessments from the To-Do List. See details of access rights in Role-Based Permissions.

Accessing Control Assessments from Audits


This section describes actions conducted on the Audit summary page, which opens when an individual audit is clicked in the Audits module.

On the Audit summary page, complete the following steps:

  1. Click the Assessments tab. 



  2. Find the control assessment and click the link in the Title column.

Accessing Assessments Through the System of Record


To access requests, complete the following steps.

  1. Click System of Record | Assessments.
  2. The Assessments page displays showing all existing items.

Accessing Assessments from the To-Do List


Those with limited permissions who are assigned assessments will only have access to them from their To-Do List.

Info
titleNOTE

For additional information, please see To-Do List.

Evaluating Assessments


For streamlined steps on how to finish your portion of an assessment, please see Quick Tips for Assessments.

Filtering Control Assessments in Audits


Narrow control assessments displayed on the Control Assessments tab within an audit by utilizing the filter functionality.

To filter control assessments, complete the following steps:

  1. Click one of the percentages displayed beside a status.
    1. All - This shows all control assessments, regardless of status.
    2. Open - This displays control assessments currently being worked on.
    3. Effective - This displays control assessments that have been researched and deemed effective.
    4. Ineffective - This shows control assessments that have been researched and deemed ineffective.



  2. The page refreshes with results.

Exporting Control Assessments


Information in a control assessment can be exported for external auditors or any other reviewers your organization may have. The export can be formatted as a CSV or as a zip file with the attachments inside.

Include Page
DI:Note - Exporting To-Do and Audit
DI:Note - Exporting To-Do and Audit

Setting Up Recurrence


Requests, assessments and tasks can be set up to repeat on a monthly, quarterly, semi-annual, and annual basis.

Include Page
DI:NOTE - Recurrence
DI:NOTE - Recurrence