Suche aufrufen
Menü aufrufen
47
1.3K
10
34.8K
HITGuard User Guide
Toggle preferences menu
Persönliches Menü aufrufen
Nicht angemeldet
Ihre IP-Adresse wird öffentlich sichtbar sein, wenn Sie Änderungen vornehmen.

Kontrolldefinitionen/en: Unterschied zwischen den Versionen

Aus HITGuard User Guide
Weitere Optionen
← Zum vorherigen VersionsunterschiedZum nächsten Versionsunterschied →
VisuellWikitext
Isan (Diskussion | Beiträge)
Administratoren, translater, tsuser
10.680 Bearbeitungen
Keine Bearbeitungszusammenfassung
Isan (Diskussion | Beiträge)
Administratoren, translater, tsuser
10.680 Bearbeitungen
Keine Bearbeitungszusammenfassung
Zeile 123: Zeile 123:
<br clear=all>
<br clear=all>


<div class="mw-translate-fuzzy">
Clicking on the blue link opens the respective entity.
Clicking on the blue link opens the respective entity.
</div>


<div class="mw-translate-fuzzy">
<div class="mw-translate-fuzzy">
<b>Note:</b> If the entity is not displayed in blue, then you lack the authorization to view it or it is in another management system.
<b>Note:</b> If the entity is not displayed in blue, then you lack the authorization to view it or it is in another management system.
</div>
</div>

Version vom 27. September 2022, 13:34 Uhr

A control definition determines, at what intervals a control is to be executed. Implementers, examiners, and the approval behavior for the control are also determined. Control definitions can have the state "active", "suspended", or "deactivated". Only an active control triggers controls at the set intervals, provided it has been configured as a recurring control.

Controls traverse various phases when they are triggered, from the implementation of the control itself, through the exam of the control, to the finished or failed control.

Experts and professionals can see all controls created in the active management system under "Controls → Control definitions".

Select management system


Create/edit/copy control

When creating a control, make sure that the correct management system has been selected, as controls are only created for the active management system.

To create a new control, click the "Plus" button.

To edit an existing control, double-click the desired control.

To copy an already existing control definition, click on the copy button next to the plus. This will copy the control definition 1:1, but no control executions and links will be copied!

Mask for editing a control


Header data

OrgEh:
  • Here, you enter the organizational unit in which the control is to be performed.
Abbreviation:
  • This is the abbreviation under which the control can be found. (e.g. OrgUnit + sequence number Per_K_001).
State:
  • Active: Control to be performed as soon as it is triggered.
  • Suspended: The control is not to be performed for a specific reason, but it can be reactivated.
  • Deactivated: The control is generally no longer active. This status is for controls that are not to be deleted for archiving purposes, because controls have already been performed.
Description:
  • Here, you should briefly describe what topic the control deals with.
Control measure:
  • In the control measure, describe the control and explain what to look for when performing it.
  • This is a html field. The formatting is also applied in reports.
Note:
  • Here, you enter additional information to be considered when performing the control.
Norm mapping:
  • Here, you can map the control to a standard. Normally this field is filled because the control is selected from a knowledge base template (blue button next to the "abbreviation" field).
Control types:
  • Organizational: organizational procedures are checked.
  • Technical: Technical processes are checked.
  • Preventive: the control is used to prevent a risk/damage (e.g. checking a fire extinguisher).
  • Corrective: The control is used to check a known problem and assess whether said problem has been reduced.
Priority:
  • There is no official definition of a key control. However, a distinction can save time in documenting and testing controls that are not key.
    The following characteristics can help guide decisions:
    • It is required to provide reasonable assurance that material misstatements are prevented or detected on a timely basis.
    • It is the only control that covers the risk of material misstatement.
    • If it fails, it is highly unlikely that another control could detect the absence of the control.
    • It is a control that covers more than one risk or supports an entire process execution.

    .
Note: If no threshold has been defined for a key control, any failure of the control escalates to the management system owner!
Threshold:
  • Alarmed if the threshold was exceeded:
    • Management System Responsible(s)
    • as well as persons and team leaders entered in the input field "Functional escalation to"

    Depending on the selected period is the review period of quick value violations:
    • Year: Since the beginning of the year,
    • Quarter: Since the last start of the quarter,
    • Month: Since the beginning of the month,
    • Week: Since the beginning of the week,
    • Day: Since the beginning of the day,
    • Hour: Since the beginning of the hour.

    Note: If an already violated threshold is violated again within the period, each new violation will escalate.

Exam data

Implementer:
  • Here, you enter the persons who are responsible for the implementation of the control.
Approval behavior:
  • Here, you define when it is decided whether a control counts as performed when multiple examiners exist.
  • All must accept
  • First response applies
  • Majority must accept
  • All must agree in order of precedence
Examiner:
  • Here, you enter the persons who check the implementation of the control.
Next control:
  • Here you set the date of when the next control has to be carried out. Furthermore, you can decide whether the control is recurring and, if so, at what interval the control should be performed.
Deadline:
  • If the control is to have a deadline, you must specify it and define which people will be informed when the deadline is exceeded.
E-mail notifications once pending:
  • If this is enabled, as soon as a control is performed, the implementer is notified. This may be undesirable if a control is to be performed daily, for example.
Reminders:
  • Here, you can configure multiple e-mail reminders for the implementer.
Attachments:
  • Here, you can upload files that are visible to the implementer at each control. For example, this can be an audit trail template that the implementer can download and fill out for each control and then return as evidence. Please note that the implementer cannot change the files uploaded here.

Copy control

By clicking the button "Make a copy of this control definition" the control definition can be copied. The copy contains all the data of the original, i.e. description, implementers, mappings, attachments, etc. The only thing that will not be copied are the controls already performed of the original.

Executed controls

Switch to the "Executed controls" tab to get an overview of the controls already performed.

Overview of the executed controls


If you then click on a control, a dialog opens in which you can see the details of the control execution.

Caution By changing the state, the control is sent out to the person responsible for execution or to the examiner for a new execution/assessment.

Details of a performed control


Control link menu


If a control is assigned to a risk or a processing activity, for example, this link is displayed in this tab.

Important: This tab is only visible if the control is associated with entities.

Control links


Clicking on the blue link opens the respective entity.

Note: If the entity is not displayed in blue, then you lack the authorization to view it or it is in another management system.

Abgerufen von „https://userguide.hitguard.de/index.php?title=Kontrolldefinitionen/en&oldid=23010
Zuletzt geändert
Diese Seite wurde zuletzt am 27. September 2022 um 13:34 Uhr bearbeitet.