HITGuard offers the possibility of generating various audit management reports under "Audit management → Reports".
Report selection
To create a report, first choose a type of report. Subsequently, choose which data to include in the report (e.g. risks or reviews). Most reports also have additional report options which allow further specification of the report's contents.
Knowledge bases can be made available in different languages due to stored translations for used knowledge bases. For example, to generate a report with the English texts, the language must be changed using the flag icon at the top right of the screen, next to the logout button. This will load all content for the reports in the desired language, provided that a translation in that language is available for the knowledge base.
Download options: The reports are available for download as PDF or DOCX files. Click the pink button to generate and download a report. Then, choose whether the report should be downloaded as a PDF or DOCX.
Additionally, there is the option to generate and archive the reports including revision information. In doing this, the report can be viewed, generated anew, or downloaded again by an expert under "Administration → Report archive". More information about this can be found under "Administration → Report archive".
When generating reports with revision information in the archive, there is also the option to send the report by e-mail to various recipients right away. More information about this can be found in the report archive and under "Administration → Report archive".
Remembering report options:Some of the report options can be found for various reports. For these, the selected options are remembered within the management system and for the individual user, and then also applied for other reports with that same option. For example, if the option "Table of contents" is selected, then it will already be selected when accessing any other report pages that use this option.
Licenses: If no valid license for HITGuard is available, this will be displayed in the footer of the report! To change this, an expert or administrator has to request/upload a license under "Administration → Licensing".
The following reports are offered in the risk management section of HITGuard:
Audit program
Use this report to generate an overview of all key data of the audit program and the audits it contains. Example audit program report
Generate audit program reportTo generate a report of an audit program, navigate to "Audit management → Reports → Audit program". There, all audit programs created in the selected management system are displayed for report generation. Subsequently, all that is required is to select an audit program from the list. The report is generated as soon as the pink download button is clicked. Create audit program report
Audit plan
This report provides a concise overview of the audit and the corresponding reviews with the information generally required for planning and preparation. It does not contain any results.
Generate audit planTo generate an audit plan as a report, navigate to "Audit management → Reports → Audit plan". There, all audits of the selected management system are available for report generation. To generate a report, select the desired audit and configure it with the report options to the right. Then, the report can be downloaded using the pink button.
Report options
Company address
This option includes the organizational unit's address in the report, if it has been recorded. The number of OU tiers decides whether the name of the superordinate organizational unit(s) are also included in the name of the audited unit as per the report.
Table of contents
This option determines whether a table of contents is included in the report.
Assessments in detail
Determines whether the header data are printed for the assessments included in the report.
Remarks
Determines whether the review remarks are included in the report.
Create audit plan
Audit
Use this report to generate a list of all key data for the selected audit and the included review dates. You can choose to include the agenda, the audit management summary, as well as the detailed results of the reviews in the report.
Generate audit reportTo generate an audit report, navigate to "Audit management → Reports → Audit". There, all audits of the selected management system are displayed for report generation. To generate a report, the desired audit must now be selected and configured via the report options on the right. The report is generated as soon as the pink download button is clicked.
Report options
Selection of the target score
For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set value, it is a gap.
Target score on the cover page
Steuert, ob der gewählte Target Score am Deckblatt des Berichts angedruckt wird.
Company address
This option includes the organizational unit's address in the report, if it has been recorded. The number of OU tiers decides whether the name of the superordinate organizational unit(s) are also included in the name of the audited unit as per the report.
Table of contents
This option determines whether a table of contents is included in the report.
Review objects/questions in table of contents
This option determines whether the table of contents also contains individual review objects/questions.
Audit
Header data: If activated, all available information on the audit is printed in the header data. If not, the report only shows the audited organizational unit, beginning and end of the audit, lead- and co-auditor(s), as well as the audit criteria and focuses, if filled in.
The remaining options determine whether the management summary and remarks of the audit are printed, and whether a graphic is included in the report (scoreline, donut diagram). This option "Unnecessary" affects all donut diagrams of the report.
Review
Header data: If activated, all available information on the review is printed in the header data. If not, the report only shows the reviewed organizational units, beginning an dend of the review, as well as the participants, if filled in.
The remining options determine whether review remarks are printed, and whether and which graphics are included in the report (bar chart, donut diagram, compliance spider charts). This option "Unnecessary" affects all donut diagrams of the report.
Review object
Header data: If activated, all available information on the review object is printed in the header data. If not, the report only shows name of the review object.
The remining options determine whether and which graphics are included in the report (donut charts AND/OR scoreline). This option "Unnecessary" affects all donut diagrams of the report.
Treatment plan by determination type
Prints the treatment plan (meaning the measures and controls) clustered by determination type at the beginning of the report. This is only possible, if the determination type for reviews is activated in the audit management module. Note: The treatment plan does not include positive determinations (model implementation). Find out more on determination types here.
Tabular evaluation of review questions
Prints an overview of the review questions and results with their answers in the form of a table. The cells containing the answers are colored as per the target score. Unnecessary review questions/results are grey. Not answered review questions/results are colorless and marked with "-". Anwered information gatherings are marked with "answ.".
All OR Only positive OR Only negative: Determines for the table whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.
Information gatherings AND/OR Unnecessary AND/OR Not answered: Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the table.
Detailed evaluation of review questions
Prints a detailed overview of the review questions and results with various additional information in the report.
All OR Only positive OR Only negative: Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.
Information gatherings AND/OR Unnecessary AND/OR Not answered: Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.
Review Object: Allows the review object to be evaluated at varying levels of detail. This function can be activated independently of the evaluation of the reviewquestions.
Review Questions: Answer AND/OR Justification AND/OR Description AND/OR Protection Objectives AND/OR Measures & Controls: Controls the inclusion of these elements in the detailed list of audit questions/results.
Move to Appendix: If this option is selected, the detailed evaluation of the audit questions and results is moved from the main body of the report to the appendix.
List attachments/evidences
Prints the file names of attachments/evidences in the report..
Embed image attachments
Image files (.jpg or .png) attached to review questions and/or review results are also embedded in the report as images. The file names of the respective images are printed below them. If available, the timestamp of the capture is also printed. Consequently, the file size of the report is larger and generation can take a little longer.
Attachments/evidences as zip-file
The report is downloaded in a zip-folder along with any attachments/evidences. Links are listed in a .txt file.
Appendix with explanations
Adds an apendix with different explanatory texts.
Create audit report
Überprüfungsprotokolle
Hier können Überprüfungsprotokolle zur Berichtserstattung erstellt werden.
Art der Überprüfung auswählen
Gap analyses
This report shows the results from one or more gap analyses. When selecting the analyses, please note that they are narrowed down according to the selected analysis period. A variety of report options help you to configure the reports so that they are presented according to your needs.
Create review protocol gap analysis
To generate a gap report, navigate to "Audit management → Reports → Review protocols → Gap analyses". It is possible to create a report for several analysis periods. For this, change the analysis period among the report options. This makes the reviews from the selected gap analyses available for selection.Caution: If you choose a new analysis period, the reviews from the previous one are no longer displayed but remain selected and will therefore be added to the report.Click the pink download button to generate the report.
Berichtsoptionen
Selection of the analysis period
This option determines which analysis period the report elements come from. It modifies the available selection of gap analyses in the list.
Selection of the target score
For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set value, it is a gap.
Target score on the cover page
Steuert, ob der gewählte Target Score am Deckblatt des Berichts angedruckt wird.
Company address
This option includes the organizational unit's address in the report, if it has been recorded. The number of OU tiers decides whether the name of the superordinate organizational unit(s) are also included in the name of the audited unit as per the report.
Table of contents
This option determines whether a table of contents is included in the report.
Review
Header data: If activated, all available information on the review is printed in the header data. If not, the report only shows the reviewed organizational units, beginning an dend of the review, as well as the participants, if filled in.
The remining options determine whether review remarks are printed, and whether and which graphics are included in the report (bar chart, donut diagram, compliance spider charts). This option "Unnecessary" affects all donut diagrams of the report.
Review object
Header data: If activated, all available information on the review object is printed in the header data. If not, the report only shows name of the review object.
The remining options determine whether and which graphics are included in the report (donut charts AND/OR scoreline). This option "Unnecessary" affects all donut diagrams of the report.
Treatment plan by determination type
Prints the treatment plan (meaning the measures and controls) clustered by determination type at the beginning of the report. This is only possible, if the determination type for reviews is activated in the audit management module. Note: The treatment plan does not include positive determinations (model implementation). Find out more on determination types here.
Tabular evaluation of review questions
Prints an overview of the review questions and results with their answers in the form of a table. The cells containing the answers are colored as per the target score. Unnecessary review questions/results are grey. Not answered review questions/results are colorless and marked with "-". Anwered information gatherings are marked with "answ.".
All OR Only positive OR Only negative: Determines for the table whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.
Information gatherings AND/OR Unnecessary AND/OR Not answered: Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the table.
Detailed evaluation of review questions
Prints a detailed overview of the review questions and results with various additional information in the report.
All OR Only positive OR Only negative: Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.
Information gatherings AND/OR Unnecessary AND/OR Not answered: Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.
Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls: Determines the inclusion of these elements in the detailed overview of the review questions/results.
Move to appendix: If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
List attachments/evidences
Prints the file names of attachments/evidences in the report..
Embed image attachments
Image files (.jpg or .png) attached to review questions and/or review results are also embedded in the report as images. The file names of the respective images are printed below them. If available, the timestamp of the capture is also printed. Consequently, the file size of the report is larger and generation can take a little longer.
Attachments/evidences as zip-file
The report is downloaded in a zip-folder along with any attachments/evidences. Links are listed in a .txt file.
Appendix with explanations
Adds an apendix with different explanatory texts.
Create review protocol gap analysis
Protection needs
In this report, the results of either one or multiple protection needs analyses are displayed. Choices can be made regarding the summary of the results as well as their details. Additionally, it's possible to add an appendix with explanations for the basis of the assessment in the protection needs analysis.
Create review protocol protection needs analysis:
To create a protection needs report, navigate to "Audit management → Reports → Review protocols → Protection needs". Then select the protection needs analyses for which you want to generate the report, and configure it via the report options.
Click the pink download button to generate the report.
Berichtsoptionen
Extent of damage
This option determines which resources are included in the report. The report includes all resources that have at least one evaluation of the selected extent of damage or worse.
Company address
This option includes the organizational unit's address in the report, if it has been recorded. The number of OU tiers decides whether the name of the superordinate organizational unit(s) are also included in the name of the audited unit as per the report.
Table of contents
This option determines whether a table of contents is included in the report.
Summary
If a report contains multiple protection needs analyses, this option can add a summary of all results in the form of a crosstab to the report.
Summary details
Prints a list of all interviews included in the data basis of the report above the crosstab.
Interview results
Adds the rationale for the assessments of the individual protection needs and the crosstab for each interview to the report.
Remarks
Determines whether the review remarks are included in the report.
