Risk and Control Matrix

This report provides information on control and risk matrix. You can find out what risks specific controls are covering, under different risk models (Subprocess – Accounts Group and Assertions – Risk – Control; Subprocess – Control Objective – Risk – Control; Subprocess – Risk – Control).

Risk Coverage

This report provides visibility into the coverage of risks by controls by organization and process. For each risk associated with a subprocess, it shows the list of controls assigned. You can review this report and understand the risk gaps to determine if new controls are needed.

Organization and Process Structure

This report provides visibility into the organization - process - subprocess - control hierarchy. You can review this report and understand what controls and processes are assigned under each of the business entities.

Indirect Entity-Level Control (iELC) Structure

This report provides visibility into the organization - indirect entity-level control structure. You can review this report and understand what indirect entity-level controls are implemented under each business entity and determine if new iELCs are needed.

Test Plan by Control

This report provides visibility into the coverage of test plans by controls by organization and process. For each control, it shows the list of test plans assigned. You can review this report and determine if test plans have been assigned properly to all controls to be tested.

Change Analysis

This report provides visibility into all process control object changes and details within a selected time period. You can review this report and find out what changes (creation, modification, removal, and role assignment) have been performed to each object.

Audit Log

This report shows chronologically all changes to local and central objects within a time period. You can review this report and find out what changes have been performed to each central or local object.

Risk-Based Compliance Management

This report provides visibility into the coverage of both Risk Management and Process Control risks by organization and process. For each risk, it shows the list of controls assigned as well as the control design and testing status. You can review this report and understand the risk gaps to determine if new controls are needed.

Policies by Regulation

This report provides a method to access all policies, procedures, work instructions, and so on, that the company has in place to address a certain regulation and/or requirement.

Policies Versions

This report provides the capability to look at the different versions of a policy, procedure, work instruction, and so forth, to provide an idea of how the policy has progressed and evolved over time. This report also shows the documents (with the version numbers) that were attached to the policy object in its different versions. The ownership and creation information for each of the versions is also available in this report.

Risks Associated with Policies

This report provides the ability to access the local Risk Management risks associated with a certain policy, procedure, work instruction, and so on. It also can retrieve a report that lists all the policies, procedures, work instructions, and so forth, that the company associated with a risk.

Processes and Controls with Policies

This report details the processes that are impacted by a certain policy. It also lists which controls are in place to ensure compliance with the policy.

Regulation/Policy Requirement-Control Coverage

This report provides visibility into the coverage of controls by requirement by regulation or policy. For each regulation requirement, it shows the list of controls assigned. You can review this report and determine whether further controls are needed.

Control-Regulation/Policy Requirement Coverage

This report provides visibility into the coverage of requirements by controls by organization and process. For each control, it shows the list of requirements assigned. You can review this report and determine whether further requirements could be covered by a specific control.