Compliance case workflow

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Compliance Case Workflow

    The Compliance Case Workflow in the Compliance Case Management application enables organizations to report and manage compliance-related issues effectively. This structured process ensures that compliance cases are addressed by the compliance team in a timely and organized manner.

    Show full answer Show less

    Key Features

    • Reporting a Compliance Case: Business users or compliance teams can report violations through the Employee Center or Compliance Workspace applications.
    • Triage: The compliance team assesses the validity of reported cases and assigns case analysts for further action.
    • Investigation and Evaluation: Case analysts collaborate with various teams to gather evidence and create tasks for investigation, assessing the impact, related areas, regulations, and causes of compliance issues.
    • Resolution: Following analysis, case analysts initiate remediation actions and monitor regulatory violations for compliance.
    • Post Case Review: Analysts conduct root-cause analysis and review cases to identify and resolve issues before closing them.

    Key Outcomes

    Utilizing this workflow allows organizations to ensure compliance, effectively manage risks, and maintain robust oversight of compliance issues. By following a structured process, organizations can expect improved case resolution times and better regulatory adherence.

    The workflow in the Compliance Case Management application is a process that enables you to report and manage cases that need the compliance team's attention.

    The following diagram shows the workflow of the GRC: Compliance Case Management application.
    Figure 1. GRC: Compliance Case Management workflow
    Workflow of a compliance case.
    The different stages of the compliance workflow are described as follows:
    • Report a compliance case
    • Triage the compliance case
    • Investigate and evaluate the compliance case
    • Resolve the compliance case
    • Post case review and closure

    Report a compliance case

    A business user or a compliance team reports a compliance violation. A business user can report a case in the Employee Center application. A compliance case team can report cases in the Compliance Workspace application. For more information, see Reporting a compliance case in GRC: Compliance Case Management.

    Triage the compliance case

    After a compliance case is reported, the compliance team triages the case from a validity standpoint. The team then assigns a case analyst to work on the case.

    Investigate and evaluate the compliance case

    The compliance case analyst collaborates with multiple teams to investigate, gather evidence, and capture the details and responses about the case. Then, the case analyst creates the case tasks to initiate an investigation and assessment of a reported case and assigns them to a case task owner.

    The case task owner adds the requested details and submits them to the case analyst for review. Based on the investigation and assessment responses, the case analyst performs the following tasks:
    • Add the areas that are impacted by a compliance case. For example, the impacted areas or objects that could be impacted are the entities, controls, locations, or users that are affected by the compliance case. For more information, see Add an impacted area to a compliance case.
    • Add the areas that are related to the compliance case. For example, the related areas include the policies, citations, control objectives, or risk events. For more information, see Add a related area to a compliance case.
    • Add the compliance regulations that might be impacted to the compliance case. For more information, see Add compliance regulations to a compliance case.
    • Add the causes and consequences of this compliance case such as the root cause for the reported compliance case or event and its consequences on the organization. For more information, see Add a cause and consequence to a compliance case.

    Resolve the compliance case

    After all the analysis for the reported case is completed, the case analyst initiates the remediation actions and preventive measures to resolve the case. The case analyst also tracks the reportable regulatory violations to ensure their lodgment to the regulators.

    Post case review and closure

    The case analyst analyzes the causes and consequences of the case. Then, the case analyst​ conduct​s a root-cause analysis to remove the cause of the case. The case analyst can review the case to identify and manage the issues that are related to the impacted areas. For more information, see Add or create an issue for a compliance case. Finally, the compliance analyst works closely with the various teams to review and close the compliance case.