0 Replies · Latest reply on Nov 17, 2017 11:17 AM by Anurag Tiwari

    Completion of Issue results in Control to be Effective. Always!

      Dear GRCians,

       

      For the fellows who has worked on IT GRC and now is working on GRC Istanbul would have witnessed some un-digestive process flow.

      IT GRC - Earlier we had that once the Control Test fail a remediation was created and the Control was set to Non Compliant.  Which was logical as in if the org wanted to make the control compliant it can only be done once the Control was again executed and the CTI would get compliant as previously the issue was remediated in the remediation.

       

      GRC Istanbul- The flow goes like below

      Control > Indicator > Indicator Task

      if  indicator task pass then the Controls are effective

      if(indicator task fails) then the issue is generated. And time being the Control is Non Effective. But the sooner the Issue is Closed Complete the Control gets Effective.

       

      If this happens then in an Audit or compliance check all the control will always be effective even if they hold issue record in it. 100% Compliance. Is a myth.

      So is this the bug or is it  the way how compliance works.

       

       

      Best Regards,

      GRCian

      - Anurag Tiwari

      Make use of Like/Helpful buttons :)