Create New AI Issue form

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read

    • Use the Create New Issue form to identify and manage issues related to the impacted areas for the reported AI case.

    See the following table for a description of the field values.

    Table 1. Create New Issue form
    Field Description
    Number Number of the issue. This field is automatically set to a request number.
    Name Name of the issue. For example, Cyber Attack on Acme.
    Issue source Source from where the issue was created. This field is automatically set to AI case.
    Issue type Type of the issue. The options are as follows:
    • Control design effectiveness failure: The control was poorly designed and cannot effectively prevent or detect the intended risk.
    • Control operative effectiveness failure: The control was well-designed but failed during execution or wasn't followed correctly.
    • Control doesn’t meet requirement: The control is in place but doesn't satisfy regulatory, policy, or business requirements.
    • Control doesn’t exist: There is no control present to address a known risk or requirement.
    • Non-compliance to a regulation: A law or regulation was not followed, potentially exposing the organization to penalties.
    • Non-compliance to a policy: An internal policy was not adhered to, which could lead to risks or inefficiencies.
    • Improvement or suggestion to an existing policy: A recommendation to enhance an existing policy for better clarity, coverage, or effectiveness.
    • Recommendation for a new policy: A proposal to create a new policy to address a gap or need that currently isn’t covered.
    • Process optimization or improvement: Opportunities identified to improve efficiency, accuracy, or effectiveness of a business process.
    • Observation: A general note or finding that may not be an issue now but could warrant attention.
    • Data breach: Unauthorized access, disclosure, or loss of sensitive or personal data.
    • Fraud: Intentional deception for personal or organizational gain, such as misappropriation of assets.
    • Misstatement: Errors or omissions in financial or operational reporting that misrepresent facts.
    • Training: Gaps or needs identified in knowledge or skills that require attention.
    • Documentation: Issues related to missing, outdated, or inaccurate documentation.
    • Risk issue: A broad risk-related concern that may not fall under other specific categories.
    • Other: Any issue that doesn't fit into the above types but is still worth tracking and resolving.
    Classification Classification of the issue. The options are as follows:
    • Compliance
    • Risk
    • Audit
    • Vendor Risk
    Location Location where the issue occurred. For example, Japan.
    State Workflow state of the issue. This field is automatically set to Review. The options are as follows:
    • New
    • Analyze
    • Respond
    • Review
    • Closed Complete
    • Closed Incomplete
    For more information on Issue management workflow and life cycle, see Manage issues.
    Substate Substate of the issue. This field is auto-filled.
    Priority Urgency of the issue. It enables the team to triage requests effectively and respond based on how critical the request is. This field is automatically set to Review. The options are as follows:
    • Critical
    • High
    • Moderate
    • Low
    • Planning
    Issue rating Rating of the issue. The options are as follows:
    • Very High
    • High
    • Moderate
    • Low
    • Very Low
    Description Description about the issue in detail. For example, ACME experienced a cyber attack that resulted in unauthorized access to internal systems.
    Assignment
    Assignment group Group to whom the issue is assigned. For example, Risk Managers.
    Assigned to User to whom the issue is assigned.
    Issue manager group Manager group that the issue is assigned to. The options are as follows:
    • Compliance Managers
    • IT Risk Managers
    • Risk Managers
    Issue manager Manager to whom the issue is assigned.
    Watch list Person who must be informed about the issue.
    Schedule
    Due date Date when the issue is due.
    Confirmed date Confirmation date for the issue. This field is auto-filled.
    Created Date on which the issue is created. This field is automatically set to the current date and time.
    Closed Date on which the issue is closed.
    Planned start date Planned start date for the issue.
    Planned end date Planned end date for the issue.
    Duration Duration for the issue in days, hours, minutes, and seconds.
    Actual start date Actual start date for the issue.
    Actual end date Actual end date for the issue.
    Actual duration Actual duration for the issue in days, hours, minutes, and seconds.
    Issue grouping
    Issue group rule Group rule for the issue. This field is auto-filled.
    Parent issue Parent issue that is associated with the issue.
    Action plan
    Recommendation Recommendation for the issue. For example, Enhance cybersecurity measures and provide regular security training.
    Action plan Action plan for the issue. For example, Upgrade the firewall to the latest version and implement multi-factor authentication for all administrative accounts.
    Activity
    Work notes (Private) Notes or information about the issue.
    Additional comments (Customer visible) Additional information about the issue that you want to share with your customers.
    Settings
    Functional domain Functional domain that the issue belongs to. For example, an issue may belong to the AI Risk and Compliance domain.