The Zurich release has arrived! Interested in new features and functionalities? Click here for more

How to create Control Tests in GRC

Go to solution
tena1
Tera Contributor

‎06-24-2019 10:05 PM

How to create COntrol Tests in GRC.

I do not see the IT GRC -> Control Tests as given in the Madrid Docs.

I believe Attestations are created to check the Control Design Effectiveness.

How to check the Control Effectiveness in GRC

0 Helpfuls
  • 1,747 Views
1 ACCEPTED SOLUTION

Go to solution
Shiva Thomas
Kilo Sage

‎06-25-2019 01:37 AM

Hi Tena,

The Automated Tests you are looking for are located in "Automated Test Framework > Tests". You'll obviously need to be at least at Madrid version.

find_real_file.png

Another relevant link: Is anyone using Automated Test Framework in GRC?

Attestations are freely customizable questionnaires that can be used to to trigger events for your Controls, but out-of-the-box they are intended mostly for manual review: After reviewing the Assessment, the actions are taken manually by the Control's Owner. Only some question type can trigger a simple compliant/non-compliant status on the Control. Since non-admins can edit/create Attestations, any more advanced scripted automation logic could be broken by modification of the Attestation template.

To affect the Status of a Control, you can also you Indicator tasks (manual or scripted) or a simpler but custom one button attestation approach.

The effectiveness can be mesured by looking the impact of the Control's Status on the Calculated Scores of a Risk linked to your Control.


Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful or Correct.
This enables other customers to learn from your thread.

View solution in original post

Preview file
111 KB
Preview file
200 KB
0 Helpfuls
2 REPLIES 2

Go to solution
Shiva Thomas
Kilo Sage

‎06-25-2019 01:37 AM

Hi Tena,

The Automated Tests you are looking for are located in "Automated Test Framework > Tests". You'll obviously need to be at least at Madrid version.

find_real_file.png

Another relevant link: Is anyone using Automated Test Framework in GRC?

Attestations are freely customizable questionnaires that can be used to to trigger events for your Controls, but out-of-the-box they are intended mostly for manual review: After reviewing the Assessment, the actions are taken manually by the Control's Owner. Only some question type can trigger a simple compliant/non-compliant status on the Control. Since non-admins can edit/create Attestations, any more advanced scripted automation logic could be broken by modification of the Attestation template.

To affect the Status of a Control, you can also you Indicator tasks (manual or scripted) or a simpler but custom one button attestation approach.

The effectiveness can be mesured by looking the impact of the Control's Status on the Calculated Scores of a Risk linked to your Control.


Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful or Correct.
This enables other customers to learn from your thread.

Preview file
111 KB
Preview file
200 KB
0 Helpfuls