How to implement control objective periodic authoring, review, redlining and approval?
02-11-2025 02:00 PM
I know that the current process for authoring and redlining is limited to the policies table. This was confirmed today by the product team. How does everyone review their control objectives? We have a requirement to do so at least annually.
I have submitted an idea into the Idea portal to extend the current functionality to the control objective table but, knowing how long it would take to get implemented, if ever, I am looking for an alternative method.
I would appreciate it if the community would review and comment on the idea as well.
Thank you!
02-20-2025 12:26 PM
Ours are manually created ones. We chose to come up with our own control framework about 10 years ago, working with a Big 4 CPA firm. Each control objective gets reviewed at least annually and has an owner. The current process is to do it through email and SharePoint for redline review. We want to use ServiceNow for this, as there is now a capability to review policies within ServiceNow and specifically perform the redlining activities.
03-14-2025 09:35 AM
AlexR2, I had a 'Last Control Objective Review Date' field added as well as 'Last Control Objective Reviewer' field that loads my list of Compliance Managers as a pick list. Then I created my own Control Objective with an Entity Type of Control Objectives and the Indicator Template -> fail if the last review date is over a year old. You can dashboard this on your ops page or whatever depending on how "mature" your GRC footprint is. You get the idea. - Sean