Create a GRC control test definition

A control test definition determines how and when a control test is performed, including execution steps and expected results. Condition collections can be created with associated conditions to define advanced control test logic. Each time the control test is performed, a control test instance is generated as a task to be executed, according to the control test definition. After you define a control, create control tests to gather documented evidence of whether the associated control is operating correctly.

About this task

When you configure a control test definition to provide supporting data , you can select different methods of gathering that data.

Procedure

  1. Navigate to GRC > Administration > Control Test Definitions.
  2. Click New.
  3. Fill in the top part of the form, as appropriate.
  4. Click Submit to save the record or Execute now to save and execute this control test definition.
    Control test definition form
    Table 1. Control test definition fields
    Field Description
    Definition ID A unique identifier generated dynamically by the system.
    Name The name of the control test.
    Duration Defines the due date for an attestation or the elapsed time until this control test is marked passed or failed. For attestations, you can configure the duration in this form or in the Assessment Metric Type form. For recipient notification, If the duration is at least two days, the system deducts one day from the duration when notifying recipients of milestones. This allows time to review the attestation results before the due date expires. The default duration is 14 days.
    Method One of the following choices for determining the test assignee:
    • Assign to Group: Assignment group for the control test.
    • Assign to Individual: User assigned to the control test.
    Assign to group Group assigned to this control test. This field is available only when the selected method is Assign to Group.
    Assign to User assigned to this control test. The choice list is limited to users whose role permits them to view and score control tests. This field is available only when the selected method is Assign to Individual.
    State A workflow field that indicates the state of the drafting process for this control test definition. If the state is Active, control test instances are dynamically generated based on this record's definition. A control test definition must be active before it can be executed.
    Control A reference to the control being enforced.
    Note: Do not change the control in this record after the control test instance has been generated. If you need to change the control, create a new control test definition with the same settings and then select the new control.
    Remediation group Group assigned to the remediation tasks if a control test fails.
    Escalate task Check box to escalate the priority of the control test associated with this control test definition as the due date approaches. The escalation schedule is:
    • Low: 0% - 50%
    • Moderate: 50% - 90%
    • High: 90% - 100%
    • Critical: Overdue
    Run Frequency for generating control test instances. Choices are:
    • Daily
    • Weekly
    • Monthly
    • Periodically
    • Once
    • On Demand
    Day Day of the week that a control test instance is generated each week if Run is set to Weekly. Day of the month if Run is set to Monthly.
    Time The time that a control test instance is automatically generated if '''Run''' is set to '''Daily''', '''Weekly''', '''Monthly''', or '''Periodically'''.
    Repeat interval A duration, in days and hours, between the automatic generation of control test instances if Run is set to Periodically.
    Starting The date and time control test instances are first generated if Run is set to Periodically. The only date and time a control test instance is generated if Run is set to Once.
    Execution step Description of this step in the process of satisfying the control. For example, if you are administering an attestation, the step might be to collect attestations and evaluate the results.
    Expected result The result that should occur after these tests. Describe how the results of test are used to support the control.
    Collect supporting data Indicator whether sample data should be taken from a particular table within the instance when the control test instance is generated. Select this check box to display additional fields for supporting data.