You can create a finding for an entity, a failed control or any control that does not achieve the desired compliance. Findings for a failed control can be created on the Control Results tab of Assessment Details page, whereas findings for an entity can be created on the Findings tab of Assessment Details page or on the Home > Findings page. At a minimum, findings allow you to perform the risk assessment when created. However, it is the responsibility of the program owner to provide a way for the workflow stage stakeholders to respond to a finding using multiple response mechanisms. For information about how to configure a response mechanism to a finding, see Setting Control Response Options.
Findings are associated with specific assessments, but the wizard allows you to either select an existing assessment or create a new one. You can also create a new entity to associate with the new finding. In this case, you must also create an assessment.
To create a finding:
Go to the Home > Findings page and click New. The New Finding wizard appears, and displays the General wizard page.
In the General wizard page. Enter Title, and Description, and select Ownerand Team. Click Next to continue.
In the Risk Assessment wizard page, assess the risk of this Finding by choosing a likelihood and an impact. Select Impact, Likelihood, residual Impact, and residual Likelihoodvalues. Click Next to continue.
In the Entity wizard page, select an existing entity, or create a new entity, which will be the subject of this finding. Click Next to continue.
In the Assessment wizard page Select an existing assessment, or create a new assessment to associate with the new finding. To create a new assessment, select an existing program.
Click Finish to save the new finding, or click Cancel to quit without saving. Note that creating a new finding can take some time.
