Under any defined group or subgroup in Organization Content, you can create one or more new control objectives as the starting point to define one or more policy controls and subcontrols that address the new control objective. To create a control objective, you must have Control View and Control Author permissions.
To modify an existing control objective, click Edit.
To create a control objective:
Go to Content Risks > Controls and Questionnaires.
Expand Organization Content and select a group.
Optional: Structure your content in a new root folder by creating a new group.
Click New Control Objective.
The General tab.
Enter the following fields:
Title: The label that identifies the control objective.
Objective: Specifies the purpose of supporting controls that enforce, check, or verify risk measurement and compliance with organization policies and goals.
- Identifier: Enter an optional identifier for the new control
Weight: Indicates the weight assigned to this control objective when paired with others in an assessment. When compliance and risk scores are rolled up, values are calculated based on the percentage this control object's weight contributes to the total weight of objectives at the same level in a hierarchy.
Status: Lets you specify the stage of associated control development or completion. Later on, you can use this information to identify and track progress in various stages of completion.
- Version: Enter the new control objective's version in any consistent format.
- Categories: Assign a category to the control objective.
- Target Entity's Preferred Ownership: Choose users, teams, and roles to be preferred owners of the new control objective.
- Other Information/Notes: Enter additional information about the control objective.
The Create Control Objective screen.
Click Save.
