10-04-2023 08:44 AM
Hello,
My internal GRC Audit team needs to perform semi-annual audits and we need a way to make these requests recurring or to re-initiate the request. Here are some details on our use case:
- Need to collect user access lists for each application
- Users provide an attachment to our audit team
- Request sent to approximately 200 or so applications/IT owners
- Process needs to be able to be reproduced every 6 months to the same applications/IT owners
Is there a way to automate this process within the system?
10-25-2023 09:03 PM
@brandoncalero, the use case you have described is what control indicators have been designed for.
The process for creating them is:
- Create a single control objective (make sure "Creates control automatically" is true).
- (Optional) Create an entity type for all applicable applications with an entity filter pointed to the Business application table to automatically create controls for the applicable applications.
- Create an indicator template off of the control objective. This indicator template can be manual to start off with and provide some guidance to the user of what they need to do and what you expect them to upload.
- (Optional) Create a test template for the control objective and click generate test plans. This will create a copy of the test template as a test plan for each control.
This is a once-off activity and it will then run throughout the year and send tasks to users to upload data.
When it is time to test you can do the following:
- Create an engagement.
- Bring the applications in scope.
- (Optional) You can configure control tests to not require test plans by removing the mandatory flag. This will allow users to create control tests directly.
- Create the control tests either from the test plans or manually create individual control tests. This can be done in bulk. You can also configure this list to allow you to select all test plans if you want to make this even faster.
Once you create a control test, it will automatically bring in the manual indicators or the uploaded evidence in the control test for the audit user to review (see below screenshot example of an indicator result on a control test).
Once you do this once, you can copy the engagement following the below guide and it can copy all the setup for you each time so you don't have to repeat these steps.
I hope this is helpful. If you still have questions, I would suggest reaching out to your ServiceNow account team and they could connect you with your local Risk Specialist to help you through the process.
10-26-2023 06:20 AM
Thank you Connor.
I appreciate you going through this and I will definitely be using this in the future.
10-26-2023 05:19 PM
No problem Brandon!
07-01-2024 01:54 PM
Hello @brandoncalero, did you find a solution? I have a similar use case. I am searching for a solution where the evidence/document can be dumped by the application/control owners.
10-20-2023 06:02 AM
@brandoncalero, I recommend that you use the Control (CTRL) + Indicator Template to automatically generate the Indicators (IND) that will then create the Indicator Tasks (IDT). You will only need to set this up once and then the system will automatically generate the indicator tasks at the frequency you have set. I use this process to generate tasks for the IT Managers (Control Owners) to upload the evidence for about 500+ tasks a month. I found the audit evidence process to be too cumbersome and had way too many clicks as well.