Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 3 Next »


đź”– Glossary


➡ Reporting: Audit Overview Metrics

👉 How do I create a Finding?

Findings are created directly from Control Assessments by Control Assessors. During the Control Assessment, when a control has been deemed ineffective, the Control Assessor will Create a finding which supports the subsequent Treatment Plan

Note: Treatment Plan workflow is available in future releases

To create a Finding record, within the Control Assessment flyout card, go to the bottom and choose the Create a finding button.

You are then directed to the Create a new finding card, where you must complete the required fields: Title, Description, Treatment Plan, and Due Date.

On the right side of the Create a new finding card, you will also see the related Audit record and the specific Control Assessment that is related to this newly created Finding. 

The Control Assessor is required to complete all of the fields before choosing Save

(question) Why should I create a Finding?

Findings address the observations that are identified by Control Assessors from a Control Assessment that has been deemed ineffective.

Findings should provide sufficient detail around the actionable next steps associated with the deficient (ineffective) control.

Provided below is an example of data typically input when creating a Finding. The example represents the actionable next steps to address an organization’s access control deficiencies:

 Example:

Control Assessment for Logical Access Control to an organization’s HR Management System.

Control deficiency (ineffective): a manual and inconsistent process is enforced when a change in Management Title or Pay occurs in the organization. There are several actions involved to remediate:

  1. Address the short term: assign specific individuals as admins of the HR Management System to restrict access.

  2. Develop and implement a change control process for changes in title or pay that is documented as part of a Standard Operating Procedure.

  3. Configure single sign-on (SSO) access of the procurement system for those designated admin users.

A deficiency in one control - logical access control to HR Process - results in creating 3 findings to move towards remediation.

(lightbulb) Insight & Helpful Tips

Need to monitor and report on your Audit Program?

After creating Findings from Control Assessments, you can view the status of the Audit program’s related Findings and more on the Audit Overview Metrics as well as the Audit Dashboard.

🔍 What am I Viewing?

You can create a finding from the Control assessment flyout card

Here, you are required to input the following fields: Title, Description, Treatment plan, and the Due date for this finding

Once the finding is created, it may be accessed from the Findings tab within the header bar from the Audit overview page

⬅ Go Back

 Global Navigation

The selected root page could not be found.

đź”– Glossary

➡ Reporting: Audit Overview Metrics

  • No labels

© 2021 Copyright Reciprocity, Inc.
https://reciprocity.com