Each finding can have a response, exception or a ticket associated with it. Risk associated with a finding can be mitigated or eliminated completely using the response or exception. Also, responding to weak controls by compensating with the best alternate controls will ensure the desired compliance score. Creating a finding will launch a workflow and you may track the remediation progress by its workflow status or optionally, associate a ticket to acknowledge an action request. A finding's risk mitigation strategy can be controlled by the program owner. When a risk mitigation strategy is not in place for a finding, only the risk analysis is allowed for a particular assessment.
To view finding details:
- Open the questionnaire’s question that has a finding.
- Click finding’s title to open the details.
- Click the General tab to see the general information settings. To update the finding’s status, click Edit and select the appropriate status. Click Save to save the changes.
- Click the Risk Assessment tab to assess the impact and likelihood ratings for a risk.
- Click the Responses tab to create and view response associated with a finding. For more information, see Revising Responses.
Click the Tickets tab to create and view a ticket associated with a finding.
Click the Exceptions tab to request an exception or to view exceptions that are associated with a finding. For more information, see Transitioning and Viewing Exception Requests and Requesting Exceptions.
Click the Attachments tab to append the supporting documents that makes the other questionnaire responders understand well.
Click the Workflow tab and click a stage action to transition the findings workflow stage.