Manage audit issues and remediation
Issues can be created manually to document audit observations or remediations, or to accept any problems. Issues are also generated automatically from indicator results, attestation results, or control test effectiveness.
Various types of issues are created under the following conditions:
- Issue: Created when an indicator fails
- Control issue: Created when a control attestation is completed indicating that the control is Not implemented
- Control test issue: Created when a control test is closed complete with the control effectiveness set to Ineffective
- Other issue: Created by the user manually
Remediating an issue marks an intention to fix the underlying issue causing the control failure or risk exposure. Accepting an issue marks an intention to create an exception for a known control failure or risk. Controls that are Accepted remain in a non-compliant state until the control is reassessed. In this way, the issue can be used to document observations during audits.
For more information on issues and observations, see Manually create GRC issues and Audit observations.