Mapping a Control Objective directly to an Entity (GRC)

Navraj
Tera Contributor

‎09-28-2023 11:14 AM - edited ‎09-28-2023 11:26 AM

Greetings, I have the following questions in regards to relating an Entity directly to a Control Objective

 

  • Is it possible to bypass mapping a Control Objective to an Entity Type and instead map the Control Objective directly to an Entity?
  • What would be the steps to perform this?
  • Would the controls within that CO automatically generate within the linked Entity?
  • What would be the pros and cons of doing this? 
0 Helpfuls
  • 1,123 Views
4 REPLIES 4

telmo_nabais
Tera Expert

‎09-29-2023 09:50 AM

Hello Navraj,

just challenging your question, isn't creating a control for an entity based on a control objective (OOTB functionality) the same as what you intend with "Map a control objective directly to an entity"?

 

Kind regards!

0 Helpfuls

AndersBGS
Tera Patron
Tera Patron

‎10-01-2023 11:11 PM

Hi @Navraj ,

 

Please see the architecture schema below utilized for GRC, Control Objectives, Entities and entity types:

AndersBGS_0-1696226958962.png

The reason why a control objective should be mapped to an entity type is, that a control will be created for each entity when entity type and control objective is mapped together. 

 

If my answer has helped with your question, please mark my answer as accepted solution and give a thumb up.

 

best regards

Anders

 

If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.

Best regards
Anders

Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/

0 Helpfuls

Ahmed Drar
Tera Guru
Tera Guru

‎10-02-2023 02:49 AM

Hi Navraj,

 

The short response is this is not a good idea and I don't know what this will add to the table . You could use a link between control and entity to get the optimal OOTB logic.

 

I hope this helps.

Ahmed

Please mark my answer as Correct / Helpful based on the Impact

Community Rising Star 2023

0 Helpfuls

telmo_nabais
Tera Expert

‎10-02-2023 07:37 AM

Hello Navraj,

not sure exactly in which version this was introduced but just realised that from a control objective/risk statement there is a related list "Additional entities" which meets your requirement.

  • It allows you to bypass mapping a Control Objective to an Entity Type and select directly what are the Entities where the control is implemented and monitored
  • Just use the mentioned related list to achieve what you want
  • Controls and risks are automatically generated for the control objective/risk statement within the linked entity
  • I didn't use this functionality yet on a real context but can assume you gain flexibility on scope definition, you lose a central point of scoping for automation of risk/control generation if you don't use entity types
0 Helpfuls