Citation Level Attestation

Yuvraj Sharma
Tera Expert

Client wants to do Citation level attestation. From the below approaches, what would be the best in terms of saving development efforts and any other suggestions ?

1. Approach 1 : Citation Form (draft > attest > review > active > retired)

  • Create a process flow
  • Create the UI Actions
  • Create fields like att. frequency, att. metric, assessment group, assigned to 
  • On "Attest" button click, an attestation task would be created for the citation
  • No Control Objective need to be linked to Citations which are attested

2. Approach 2 : Citation Form (draft > attest > review > active > retired)

  • new field Citation level attestation : Yes/No
  • If Yes,
  • new field attestation metric : ?
  • new field attestation frequency : ?
  • new field entity type : ?
  • create CO with same name using script and map the entity type, enable auto-create controls
  • Bring that Citation Level Att. field on Control form and if yes, set the attestation frequency, att. metric, respondents for the controls as per citation
  • Currently, there is a manual way from list actions to group assessments. Using script, group the control attestations and 1 task will be created

Please suggest.

6 REPLIES 6

Community Alums
Not applicable

HI @Yuvraj Sharma ,

The First Approach follows the best practice to use UI actions and the lifecycle of the process flow.

the second approach has an issue with maintaining it and needs lots of dev work.

 

Yuvraj Sharma
Tera Expert

Thanks for replying @Community Alums

I did it with another 3rd approach.

I created a custom table "Citation Instance" which extends Control so that we may get all the functionality of control to this custom table.
Created a mandatory reference field to Citation record
Created the process flow (draft > attest > review > active > retired)
Created a new attestation for Citation Attestation and using reference qualifier made it exclusive for the Citation Instance records 

There are many other minor things.

Community Alums
Not applicable

Hi @Yuvraj Sharma ,

Good that you build 3rd way.

but the recommendations which i gave also fits well as i tried and tested.

 

ShafrazMubarak
Giga Guru

Hi @Yuvraj Sharma @Community Alums 

 

Agreeing the proposed solution presented. 

 

Advise me on following business practice in organization which relates to this question too. 

 

Usually when a new citation is entering into an organization's scope, they should do a risk assessment. In this process, they will be able to assess the impact of citation to organization's business, finance, regulational complexity, reputational and existing control effectiveness, policies implementation, employee training, compliance issue management and etc. 

This assessment will give an idea of by bringing the citation to their regulation scope, what are the impact, how strong is their existing structure and how to move forward. 

 

I am just checking is there any other way that by utilizing the citation assessment feature, we can bring an automated trigger of a common control that applies to entire organization and track the compliance of the citation. This way you will have the assessment also recorded along with control attesttaion.