GRC report interpretation - Legacy

Learn to interpret the reports for compliance, pertinence settings, and audit results.

Compliance reports

A GRC user can report on the percentage of completion and percent compliant for all control test instances associated with an authority document, risk, and policy, to ensure that the company meets its compliance goals.

Table 1. GRC compliance report definitions
Report Definition
Compliance Percentage of control test instances that were successful for the last run.
Non-Compliance Percentage of control test instances that failed for the last run.
Complete Percentage of control test instances that either passed or failed for the last run.

Some controls that you import from UCF might not be relevant to your organization's compliance efforts. By default, compliance reporting excludes GRC components in which the Pertinent flag is set to false. Only controls in which this flag is set to true are rolled up in compliance reports to show their impact at the authority document level. Audit reports include all controls, regardless of the state of the Pertinent flag, to accurately represent the contents of the audit.

Audit reports

Members of an internal or external audit team can use these reports to view an audit instance together with the results of the control tests. Open a specific control test instance containing the results to view audit details and the related observations and remediations.