Create New Issue form in Regulatory Change Management

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read

    • Use the Create New Issue form in Compliance Workspace to create an issue or add an existing issue to a regulatory task in Regulatory Change Management (RCM).

    Create New Issue form

    For a description of the field values, see the following table.
    Table 1. Create New Issue form
    Field Description
    Issue
    Number Number of the issue. This field is auto-filled.
    Name Name of the issue. For example, Non-compliant control.
    Issue source Source from where the issue was created, such as risk event or risk assessment. This field is auto-filled.
    Issue type Type of the issue. The options are as follows:
    • Control design effectiveness failure: The control was poorly designed and cannot effectively prevent or detect the intended risk.
    • Control operative effectiveness failure: The control was well-designed but failed during execution or wasn't followed correctly.
    • Control doesn’t meet requirement: The control is in place but doesn't satisfy regulatory, policy, or business requirements.
    • Control doesn’t exist: There is no control present to address a known risk or requirement.
    • Non-compliance to a regulation: A law or regulation was not followed, potentially exposing the organization to penalties.
    • Non-compliance to a policy: An internal policy was not adhered to, which could lead to risks or inefficiencies.
    • Improvement or suggestion to an existing policy: A recommendation to enhance an existing policy for better clarity, coverage, or effectiveness.
    • Recommendation for a new policy: A proposal to create a policy to address a gap that currently isn’t covered.
    • Process optimization or improvement: Opportunities identified to improve efficiency, accuracy, or effectiveness of a business process.
    • Observation: A general note or finding that may not be an issue now but could warrant attention.
    • Data breach: Unauthorized access, disclosure, or loss of sensitive or personal data.
    • Fraud: Intentional deception for personal or organizational gain, such as misappropriation of assets.
    • Misstatement: Errors or omissions in financial or operational reporting that misrepresent facts.
    • Training: Gaps or needs identified in knowledge or skills that require attention.
    • Documentation: Issues related to missing, outdated, or inaccurate documentation.
    • Risk issue: A broad risk-related concern that may not fall under other specific categories.
    • Other: Any issue that doesn't fit into the above types but is still worth tracking and resolving.
    Classification Classification of the issue. The options are as follows:
    • Audit
    • Compliance
    • Risk
    • Vendor risk
    Location Location where the issue occurred. For example, United States.
    State Lifecycle stage of the issue. The options are as follows:
    • New
    • Analyze
    • Respond
    • Review
    • Closed Complete
    • Closed Incomplete
    Substate Substate of the issue. This field is auto-filled.
    Priority Urgency of the issue. The options are as follows:
    • 1-Critical
    • 2-High
    • 3-Moderate
    • 4-Low
    • 5-Planning
    Issue rating Severity or risk level of the issue. The options are as follows:
    • 1-Very High
    • 2-High
    • 3-Moderate
    • 4-Low
    • 5-Very Low
    Description

    Detailed explanation of the issue. For example, The "Manage change requests" control does not meet compliance requirements.
    Assignment
    Assignment group Group to whom the issue is assigned. For example, GRC Business Users.
    Assigned to User to whom the issue is assigned.
    Issue manager group Manager group responsible for overseeing the issue. Available options are:
    • Compliance Managers
    • IT Risk Managers
    • Risk Managers
    Issue manager Manager responsible for overseeing the issue.
    Watchlist Users who must receive notifications about updates to the issue.
    Schedule
    Due date Date when the issue is due.
    Confirmed date Confirmation date for the issue. This field is auto-filled.
    Planned start date Planned start date for the issue.
    Planned end date Planned end date for the issue.
    Duration Duration for the issue in days, hours, minutes, and seconds.
    Created Date on which the issue is created. This field is auto-filled.
    Closed Date on which the issue is closed.
    Actual start date Actual start date for the issue.
    Actual end date Actual end date for the issue.
    Actual duration Actual duration for the issue in days, hours, minutes, and seconds.
    Issue grouping
    Parent issue Parent issue that is associated with the issue.
    Issue group rule Group rule for the issue. This field is auto-filled.
    Action plan
    Recommendation Recommendation for the issue. For example, Ensure that changes to the entity's controls follow an approved change process.
    Action plan Action plan for the issue. For example, Leverage the approved change management procedures in the RCM.
    Activity
    Work notes Internal notes about the issue. These are private and visible only to users with access to the issue record.
    Additional comments Additional information about the issue that you want to share with your customers. These are visible to external stakeholders and customers.
    Settings
    Functional domain Functional domain that the issue belongs to. For example, IT risk and compliance.