Findings
Role Specific Access
The vucavoid Findings feature is accessible to users with the following roles:
- Finding Manager: This role is responsible for managing and overseeing findings within the system, including documentation, status updates, and remediation processes.
- Compliance Manager: Users with this role have access to view and manage findings, playing a key role in ensuring organizational compliance.
- Risk Manager (view only): While primarily focused on risk management, users in this role have view access to findings, allowing them to understand the compliance landscape and its potential impact on risk.
Overview
Definition and Context
Findings in vucavoid represent actual observations of non-compliance, whether due to policy violations, incorrect IT configurations, illegal contractual clauses, or similar issues. It's important to differentiate findings from risks and incidents:
- Risks are potential threats that could harm the enterprise.
- Incidents refer to actual events that have already caused harm.
- Findings are observed or recorded instances of non-compliance that have not necessarily led to materialized damage but may potentially lead to such outcomes if unaddressed.
Finding Attributes
Findings in vucavoid are characterized by a set of attributes that detail their nature, source, status, and management requirements.
Finding Basics
- Title: Assign a concise title to the finding.
- Description: Provide a detailed description of the finding, explaining the specifics of the observed non-compliance.
Intake Way
- Identification: Choose how the finding was identified, with options like Internal Audit, External Audit, Site Inspection, various types of calls, Application Notification, Email, Assessment, or Other.
- Identification Details: Offer further details on the identification, regardless of the chosen method.
- Identifier: Select the vucavoid user who identified the finding.
- Custom Identifier: Optionally, enter a custom name for the identifier of the finding.
Status
- Status Options: Set the finding's processing status, with choices including Initial, Reviewing, Remedying, Closed, or Archived.
Finding Management
- Owner: Appoint the person responsible for the finding, usually someone with business or technical responsibility in the relevant area.
- Finding Managers: Assign vucavoid users with the Finding Manager role to the finding.
- Watchers: Users with read-only access to the specific finding.
Priority
- Priority Levels: Choose the urgency level of the finding from options like Urgent, High, Medium, Low, or Insignificant.
Parameters
- Affected Criteria, Domains, Categories, and Standards: Tag the finding with relevant criteria, domains, categories, and standards for documentation and reporting purposes.
Findings List
The Findings List in vucavoid provides a centralized view of all findings, facilitating tracking and management.
- Visible Information: For each finding, the list displays:
  - Title
  - Status
  - Remediation Strategy
  - Priority
  - Owner
  - Number of Affected Objects
- Search and Filter: Utilize the search field and filters to quickly locate specific findings.
- Pagination: Manage large numbers of findings using the pagination feature.
Remediation Workflow
vucavoid's remediation workflow focuses on effectively addressing and resolving findings.
- Initiating Remediation: To start the remediation process for a finding:
  - Navigate to the detailed view of the finding.
  - Click the "Remediate" button located at the top right above the form.
- Remediation Options: In the subsequent window, select from:
  - Remediate Finding: Implement one or more controls to address the finding. Select the applicable control.
  - Accepted, Not Remediated: Acknowledge the finding but choose not to remediate. This option increases the VUCA score due to the continued compliance violation.
  - Evaluation Basis Changed: If the basis for the finding's evaluation changes, this option reclassifies the finding as no longer relevant, without affecting the VUCA score.
Additional Information
This section provides extra insights and best practices for effectively managing findings in vucavoid:
- Proactive Management: Regularly review and update the status of findings to ensure timely remediation and to prevent escalation into more serious incidents or risks.
- Comprehensive Documentation: Thoroughly document each finding's details, including its source, nature, and potential impact. This ensures clarity and aids in determining the most appropriate remediation strategy.
- Collaborative Approach: Encourage collaboration between Finding Managers, Compliance Managers, and other relevant stakeholders to develop effective remediation plans and to share insights on preventing similar findings in the future.
- Leveraging Findings for Improvement: Use findings as opportunities to strengthen your organization's compliance posture. Analyzing patterns in findings can reveal areas needing more robust controls or policy adjustments.
- Maintaining Compliance Visibility: Regularly review the findings list to keep a pulse on your organization's compliance status, helping to identify trends and prioritize actions.