04-23-2025 10:51 AM
For example, an automated indicator tries to collect data from a table, for a particular entity. If there is no data there, the control associated with the entity would have null compliance status (if there was not a previous compliance status determined). If there is data there, that data would lead to a 'compliant' or 'non-compliant' status for the control accordingly.
I am assuming this automated indicator works in the same way as a manual indicator - until a result comes back, then there is no compliance status for the control.
Do I have this right or am I missing something?
Thank you.
- Labels: Compliance Management
04-23-2025 11:15 AM
Yes, you're thinking about it correctly. An automated indicator behaves like a manual one until a result is generated, and no data = no compliance status change unless otherwise configured.
04-23-2025 02:59 PM
Hi @Peter Hyams
As @IsabelyA confirms, you are correct in your logic, so how do we get around what you are facing? Let me explain using a practical example.
Requirement for the indicator: Business Applications should have at least 80% of implemented changes completed within time.
Since this would be applied to Entity type: Business application, we will have a bunch of controls, each with an indicator and a threshold of 80%.
- SAP, NetScaler, etc.
You are interrogating change records to see if they were all implemented within time.
SAP has 6 change records (5 within time, 1 outside of the time frame for implementation)
NetScaler had 0 changes implemented.
The indicator for SAP would provide a result of 83.3% and would therefore provide a PASS - control is compliant.
NetScaler would provide a 0 as there were no records to locate. Since it did not exceed the 80% threshold it will provide a FAIL - Control Non-compliant.
Solution: How about looking at it from the other side?
Indicator: No more than 20% of changes should exceed the implementation timeframe.
SAP - 1/6 = 16.6% - PASS - Control Compliant
NetScaler - 0 = 0% - PASS - Control Compliant
It is all about understanding the total population and what a PASS or a FAIL looks like.
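
The two framings from the reply above, worked through as an added example (plain JavaScript, not ServiceNow platform code and not the poster's own). The record fields `app`, `plannedEnd`, `actualEnd` and the function names are assumptions, and the change records are constructed to match the counts in the post; the result also carries the population size so a PASS on zero records can be told apart from a PASS backed by records.

```javascript
// Constructed sample data: SAP has 6 changes (5 on time, 1 late); NetScaler has none.
const changes = [
  ...Array.from({ length: 5 }, () => (
    { app: 'SAP', plannedEnd: '2025-04-10', actualEnd: '2025-04-09' })),
  { app: 'SAP', plannedEnd: '2025-04-10', actualEnd: '2025-04-12' },
];

// A change is late when it finished after its planned end date.
const isLate = (r) => new Date(r.actualEnd) > new Date(r.plannedEnd);

// Shared evaluation: count matching records in the entity's population,
// turn that into a percentage, and compare it against the threshold.
function evaluate(records, app, matches, passes) {
  const pop = records.filter((r) => r.app === app);
  const hits = pop.filter(matches).length;
  // An empty population yields 0%, which is the case the thread is about.
  const pct = pop.length === 0 ? 0 : (hits / pop.length) * 100;
  return {
    population: pop.length,
    pct: Math.round(pct * 10) / 10,
    result: passes(pct) ? 'PASS' : 'FAIL',
  };
}

// Framing 1: at least 80% of changes implemented within time.
function atLeastOnTime(records, app, threshold = 80) {
  return evaluate(records, app, (r) => !isLate(r), (pct) => pct >= threshold);
}

// Framing 2: no more than 20% of changes exceed the implementation timeframe.
function atMostLate(records, app, limit = 20) {
  return evaluate(records, app, isLate, (pct) => pct <= limit);
}

// Evaluate both framings for each entity named in the post.
function report(records, apps = ['SAP', 'NetScaler']) {
  return apps.map((app) => ({
    app,
    atLeastOnTime: atLeastOnTime(records, app),
    atMostLate: atMostLate(records, app),
  }));
}

console.log(JSON.stringify(report(changes), null, 2));
```
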