You can create a finding for an entity, a failed control, or any control that does not meet the desired compliance. Findings for a failed control can be created on the Assessment Details page > Control Results tab. Findings for an entity can be created on the Assessment Details page > Findings tab, or on Home > Findings page.
Findings allow you to perform a risk assessment when created. However, it's the responsibility of the program owner to determine how workflow stage stakeholders will respond to a finding. For information about how to configure a response mechanism to a finding, see Set Control Response Options.
You can associate a finding with an existing assessment, or create a new one. You can also create a new entity to be associated with the new finding. In this case, you must also create an assessment.
To create a finding:
- Go to Home > Findings, then click New.
- Enter a Title and Description.
- Click the Individual dropdown and select an appropriate owner. Click the Team dropdown to select a team.
- Click Next.
Select Impact, Likelihood, Residual Impact, and Residual Likelihood values to assess the risk of this finding.
Click Next.
- Select an existing entity, or create a new entity, which will be the subject of this finding.
- Click Next.
- Select an existing assessment, or create a new assessment to associate with the new finding. To create a new assessment, select an existing program.
- Click Finish to save the finding, or Cancel to quit without saving. Creating a new finding may take some time.