what is the purpose of GRC indicators?

G Balaji
Kilo Guru

Hi,

What is the purpose of GRC indicator and indicator templates? How is the indicators in Policy and Compliance related to Audit mangement indicators?

Thanks.

1 ACCEPTED SOLUTION

Shiva Thomas
Kilo Sage

Hi Balaji,

Controls can be monitored via Assessment (= Questionnaire assigned to someone, that generate an attestation), manual Indicator (= Manual Task assigned to someone, to be closed as Passed or Failed), or automated indicator (= Script).

Risk calculation: The Calculated Risk Score utilises data from the Inherent and Residual to determine an adjusted ALE and score.
The adjustments are driven by Control and Indicator statuses.

Indicator: A metric used to collect data to monitor controls and risks, and collect audit evidence.
Note that Indicators are not weighted, unlike Controls. When looking at their impact on a Control or Risk they will all be considered equally.

Indicator Templates can be created for Policy Statements (aka Control templates) or Risk Statement (aka Risk templates) to automatically create Indicators for related Controls and Risk.

Audit management and Policy & Compliance use Indicators for the same reason: Assess Controls and Risks.
https://docs.servicenow.com/bundle/madrid-governance-risk-compliance/page/product/grc-indicators/reference/continuous-monitoring.html


Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful or Correct.
This enables other customers to learn from your thread.

View solution in original post

3 REPLIES 3

Ct111
Giga Sage

objective can be understood from the below link

https://docs.servicenow.com/bundle/london-governance-risk-compliance/page/product/grc-common/reference/r_WhatIsGRC.html

 

for Audit Management relation see the below 

The GRC: Audit Management product enables users to schedule internal audits, conduct resource planning, scope engagements, conduct audit activities, review continuous monitoring results, and report findings.

 

https://docs.servicenow.com/bundle/london-governance-risk-compliance/page/product/grc-audit/concept/c_GRCAudits.html

 

 

Mark my ANSWER as CORRECT and HELPFUL if it helped

Shiva Thomas
Kilo Sage

Hi Balaji,

Controls can be monitored via Assessment (= Questionnaire assigned to someone, that generate an attestation), manual Indicator (= Manual Task assigned to someone, to be closed as Passed or Failed), or automated indicator (= Script).

Risk calculation: The Calculated Risk Score utilises data from the Inherent and Residual to determine an adjusted ALE and score.
The adjustments are driven by Control and Indicator statuses.

Indicator: A metric used to collect data to monitor controls and risks, and collect audit evidence.
Note that Indicators are not weighted, unlike Controls. When looking at their impact on a Control or Risk they will all be considered equally.

Indicator Templates can be created for Policy Statements (aka Control templates) or Risk Statement (aka Risk templates) to automatically create Indicators for related Controls and Risk.

Audit management and Policy & Compliance use Indicators for the same reason: Assess Controls and Risks.
https://docs.servicenow.com/bundle/madrid-governance-risk-compliance/page/product/grc-indicators/reference/continuous-monitoring.html


Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful or Correct.
This enables other customers to learn from your thread.

Does indicator or indicator templates create automatically? there is script "Auto generate indicators for item" but does not seem to work.