Issues Management Use Case Design

This topic explains the Issues Management use case design.

Architecture Diagrams

The following diagram shows the relationships between the applications in the Issues Management use case.


[Figure: Issues Management use case design relationship diagram]

Note: Findings is linked to various applications and questionnaires. These applications and questionnaires can serve as the source of the Finding.

Applications

The following table describes the use case applications.

Applications/Questionnaires

Description

Findings Folder

The Findings Folder application allows you to group findings that all stem from the same underlying issue, or that a user chooses to group together.

Findings

The Findings application allows you to document issues, deficiencies, or gaps found through assessments and control testing. Findings are either auto-generated from questionnaires, including links back to the questionnaire, target, and any applicable control standards and authoritative sources, or are manually generated by users. Findings can be resolved through remediation tasks and/or exception requests.

Through the Findings application, you can:

  • Review findings that are auto-generated through the results of assessments and control testing.
  • Use automated workflow to route findings to the appropriate personnel.
  • Mitigate findings through remediation tasks and/or exception requests. The system calculates residual risk and compliance status based on the resolution of findings.
  • Relate multiple findings in the context of a remediation plan.
  • Track tasks associated with findings resolution.

Remediation Plans

The Remediation Plans application allows you to document the specific actions management plans to take to address identified gaps and issues. You can capture key details about remediation efforts, including estimated and actual costs, timelines, owners and detailed actions. You can associate multiple remediation plans with a single finding and track each effort individually. You can also relate a single remediation plan with multiple findings in the event that an action is designed to address multiple issues.

Exception Requests

The Exception Requests application allows you to manage the process of granting, denying, and expiring exceptions to the remediation required in a finding. Through built-in workflow, the application ensures that all exceptions are properly reviewed. The tool can also report on exceptions across the enterprise, monitoring them by control, department, or severity.

Through the Exception Requests application, you can:

  • Enable employees to submit exception requests through an easy-to-use web interface.
  • Allow designated individuals to evaluate exception requests and approve or deny the requests based on risk posed to the business.
  • Grant exceptions for a specific period of time and notify proper personnel as expiration dates approach.
  • Enable management to track granted exceptions, facilitating periodic reviews of exceptions and the exceptions’ impact.
  • Allow employees to track the status of their own policy exception requests through My Requests reports.
  • Understand the policies or standards with the most approved exceptions and use the information to support training and awareness programs.

Company

The Company application stores general, financial, and compliance information at the company level. Combined with the Division and Business Unit applications, this application supports roll-up reporting of governance, risk, and compliance initiatives across the enterprise.

Note: The Company application is included in the Enterprise Catalog package.

Division

The Division application represents the intermediate unit within the business hierarchy: one layer below the company and one layer above the individual business unit. You can use this application to further document the relationships within your business and to measure the effectiveness and compliance of individual divisions within the enterprise.

Note: The Division application is included in the Enterprise Catalog package.

Business Unit

The Business Unit application provides a detailed view of all activities related to the specific business unit.

Note: The Business Unit application is included in the Enterprise Catalog package.

Change Requests

The Change Requests application allows users to recommend changes to Policies, Control Standards, Control Procedures, Process Narratives, Evidence Repository records, and Remediation Plans, and to request extensions of Exception Requests. Change requests are based on reviews from threat assessments, regulatory news, and issues found during the Audit, Compliance, and Risk Management processes.

Access Roles

The following table describes the out-of-the-box use case access role.

Access Role

Description

Findings Handler

The Findings Handler role provides access to users in multiple handler groups who are responsible for verifying automatically generated findings.

Access roles in other use cases provide additional permissions to Issues Management applications.

Dashboards

The following table describes the use case dashboard.

Dashboard

Description

Issues Management

This dashboard allows you to track findings, remediation plans, exception requests, and findings folders.