
Benefits


A control is an activity or technical configuration put in place to satisfy a requirement, which is called an objective in ZenGRC. Controls are the only objects that are tested in the Audits module, and they are then "assessed" in an assessment. Assessments are typically made after evidence of the effectiveness of a control has been submitted.

Overview


Assessments are made on the 1) Design and the 2) Operation of a control by selecting either “Effective” or “Ineffective”. Typically, controls receiving an “Ineffective” rating in either category need a corresponding issue created. The status of assessments is tracked in Audits.

Viewing and Evaluating Control Assessments


NOTE

This section describes actions conducted on the Audit summary page, which opens from the Audits visual display page.

To view and evaluate a control assessment on the Audit summary page, complete the following steps:

  1. On the Audits visual display page, select the audit from the dropdown.
  2. Click the Assessments tab. 
  3. Scroll to the desired control assessment and click the link in the Title column.



  4. A dialog box displays with several steps for verifying or declining the control assessment.



  5. If the page opens in the Details tab, click the Attachments sub tab to review evidence.
  6. To add a reason behind declining or verifying the assessment, click the Comments sub tab.



  7. Enter a comment in the Comments text box and click Send to post.

  8. In the Design dropdown box, select one of the following:
    1. --- - No rating. The control has not been rated. The page defaults to this.
    2. Effective - The control's design works as intended.
    3. Ineffective - The control's design does not work as intended.
    4. N/A - Rating the design is not applicable or can't be done.
  9. In the Operational effectiveness dropdown box, select one of the following:
    1. --- - No rating. The control has not been rated. The page defaults to this.
    2. Effective - The control is operating as intended.
    3. Ineffective - The control is not operating as intended.
    4. N/A - Rating the operational effectiveness is not applicable.
  10. Click Decline Assessment if the evidence does not support the control's effectiveness or Verify Assessment if it does.

TIP

You can also create an issue from this dialog box if problems are found. Click Create Issue to map the issue to this assessment. Then follow the instructions in the Creating Issues section of this tutorial.

Filtering Control Assessments

Use the filter to narrow the control assessments displayed on the Control Assessments tab within an audit.

To filter the control assessments, complete the following steps:

  1. Click one of the percentages displayed beside a status.
    1. All - This shows all control assessments, regardless of status.
    2. Open - This displays control assessments currently being worked on.
    3. Effective - This displays control assessments that have been researched and deemed effective.
    4. Ineffective - This shows control assessments that have been researched and deemed ineffective.



  2. The page refreshes with results.

TIP

Additional information about the remaining assessment fields is part of a details view that is standard across all objects in ZenGRC. Please see Navigation for more documentation.

