GRC controls and super controls - Legacy

After identifying risks, define controls or import them from UCF authority documents. A control is a process to mitigate risk, enforce a mandated policy statement, and address the directive of an authority document. A control may have one or many control tests associated with it; these tests ensure that the control is effective and provides continued compliance. Controls can also be directly associated with citations to map an organization's internal controls to those mandated by the authority document.

Figure 1. GRC control process

GRC super controls

A super control is a control shared by multiple authority documents.

When a new version of a super control is downloaded, the system links all authority documents using that control to the new version, even those authority documents that were not updated. This can result in unintended changes in the relationship between the shared control and any unmodified authority documents. Relationship changes can alter how compliance is evaluated for your organization. Be sure you know what effect these updated controls have on your audits.

The system displays super controls in:

  • UCF document details
  • GRC update requests
  • GRC update approval records
  • Email notifications