Available GRC reports - Legacy

This table indicates which reports are included by default in the My GRC portals and the roles required to view each portal.

Some GRC reports are driven by database views, which define table joins for reporting purposes. As with any homepage in the ServiceNow system, report gauges can be customized in these portals.

Table 1. Available GRC reports
Report Description GRC portal Database view
Attestations by Control Displays manual attestations by controls for open control tests whose control or control test definition is owned by the logged-in user.
  • Type: Bar chart
  • Table: GRC Attestations by Control Test [grc_attestations_control_tests]
My GRC Control portal

Roles:

  • grc_process_owner
  • grc_test_definition_admin
grc_attestations_control_tests

Joins:

  • Assessment Instance [asmt_assessment_instance]
  • Control Test [grc_control_test]
Attestations by Control (My Group) Displays manual attestations by controls for open control tests whose control or control test definition is owned by the logged-in user's group.
  • Type: Bar chart
  • Table: GRC Attestations by Control Test [grc_attestations_control_tests]
grc_attestations_control_tests

Joins :

  • Assessment Instance [asmt_assessment_instance]
  • Control Test [grc_control_test]
Attestations by State Displays manual attestations by state for open control tests whose control or control test definition is owned by the logged-in user.
  • Type: Pie chart
  • Table: GRC Attestations by Control Test [grc_attestations_control_tests]
grc_attestations_control_tests

Joins:

  • Assessment Instance [asmt_assessment_instance]
  • Control Test [grc_control_test]
Attestations by State (My Group) Displays manual attestations by state for open control tests whose control or control test definition is owned by the logged-in user's group.
  • Type: Pie chart
  • Table: GRC Attestations by Control Test [grc_attestations_control_tests]
grc_attestations_control_tests

Joins:

  • Assessment Instance [asmt_assessment_instance]
  • Control Test [grc_control_test]
Attestations Past Due Date Lists overdue manual attestations for open control tests whose control or control test definition is owned by the logged-in user.
  • Type: List report
  • Table: GRC Attestations by Control Test [grc_attestations_control_tests]
My GRC Control portal

Roles:

  • grc_process_owner
  • grc_test_definition_admin
grc_attestations_control_tests

Joins:

  • Assessment Instance [asmt_assessment_instance]
  • Control Test [grc_control_test]
Attestations Past Due Date (My Group) Lists overdue manual attestations for open control tests whose control or control test definition is owned by the logged-in user's group.
  • Type: List report
  • Table: GRC Attestations by Control Test [grc_attestations_control_tests]
grc_attestations_control_tests

Joins:

  • Assessment Instance [asmt_assessment_instance]
  • Control Test [grc_control_test]
Audits in Progress (My Group) Lists audits with a state of Work in Progress owned by the logged-in user's group.
  • Type: List report
  • Table: Audit [grc_audit]
My GRC Audit portal

Roles:

  • grc_audit_definition_admin
  • grc_internal_auditor
Citation Coverage Gap Displays specific citations linked to controls that are not used in any control test definition.
  • Type: List report
  • Table: GRC ASC Coverage Gap [grc_asc_coverage_gap]
grc_asc_coverage_gap

Joins:

  • Control Authoritative Source Content [m2m_control_auth_src_content]
  • Control Test Definition [grc_control_test_definition]
Authority Document Coverage Gap Displays specific authority documents linked to controls that are not used in any control test definition.
  • Type: List report
  • Table: GRC AS Coverage Gap [grc_as_coverage_gap]
grc_as_coverage_gap

Joins:

  • Control Authoritative Source [m2m_control_authoritative_source]
  • Control Test Definition [grc_control_test_definition]
Compliance By Authority Document Displays the percentage of passing, failing, and complete control test instances from the last run for each authority document.
  • Type: List report
  • Table: Authoritative Source [grc_authoritative_source]
My GRC portal

Roles:

  • grc_admin
  • grc_executive_approver

My GRC Control portal Roles:

  • grc_process_owner
  • grc_test_definition_admin
Compliance By Control Displays the percentage of passing, failing, and complete control test instances from the last run for each control.
  • Type: List report
  • Table: Control [grc_control]
Compliance By Policy Displays the percentage of passing, failing, and complete control test instances from the last run for each policy linked to a control.
  • Type: List report
  • Table: Policy [grc_policy]
Compliance By Risk Displays the percentage of passing, failing, and complete control test instances from the last run for each risk linked to a control.
  • Type: List report
  • Table: Risk [grc_risk]
Controls by Authority Document Displays the count of controls for each authority document.
  • Type: Pie chart
  • Table: Control Authoritative Source [m2m_control_authoritative_source]
My GRC portal

Roles:

  • grc_admin
  • grc_executive_approver
Controls Coverage Report Displays the percentage of controls for each authority document that are covered by at least one control test definition. Use this report to ensure that the appropriate controls are covered by the control test definitions to meet compliance goals.
  • Type: List report
  • Table: Authoritative Source [grc_authoritative_source]
My GRC portal

Roles:

  • grc_admin
  • grc_executive_approver

My GRC Control

Roles:

  • grc_process_owner
  • grc_test_definition_admin
Control Tests by Audit Lists all the control tests for an audit together with their state and short description. By default, the results are grouped by Audit and ordered by Control test and Audit number.
  • Type: List report
  • Table: Control Test Status by Audit [grc_audit_control_test_view]
My GRC portal

Roles:

  • grc_admin
  • grc_executive_approver
grc_audit_control_test_view

Joins:

  • Audit [grc_audit]
  • Audit Control Test Instances [m2m_audit_control_test]
  • Control Test Definition [grc_control_test]
Control Tests by State (My Group) Displays control tests grouped by state for open audits that are owned by the logged-in user's group.
  • Type: Pie chart
  • Table: Control Test Status by Audit [grc_audit_control_test_view]
grc_audit_control_test_view

Joins:

  • Audit [grc_audit]
  • Audit Control Test Instances [m2m_audit_control_test]
  • Control Test Definition [grc_control_test]
Failing Controls by Authority Document Displays failing control tests grouped by pertinent authority documents.
  • Type: Pie chart
  • Table: Control Authoritative Source [m2m_control_authoritative_source]
My GRC portal

Roles:

  • grc_admin
  • grc_executive_approver
Manual Attestations Past Due Date Displays all overdue manual attestations for control tests attached to audits owned by the logged-in user.
  • Type: List report
  • Table: GRC Attestations by Control Test [grc_attestations_control_tests]
My GRC Audit portal

Roles:

  • grc_audit_definition_admin
  • grc_internal_auditor
grc_attestations_control_tests

Joins:

  • Assessment Instance [asmt_assessment_instance]
  • Control Test [grc_control_test]
My Audits by State Displays the audits assigned to the logged-in user, grouped by state.
  • Type: Pie chart
  • Table: Audit [grc_audit]
My GRC Audit portal

Roles:

  • grc_audit_definition_admin
  • grc_internal_auditor
My Audits in Progress Lists audits with a state of Work in Progress that are owned by the logged-in user.
  • Type: List report
  • Table: Audit [grc_audit]
My GRC Audit portal

Roles:

  • grc_audit_definition_admin
  • grc_internal_auditor
My Control Test Definitions Lists control test definitions created by the logged-in user or generated from a control owned by the user or the user's group.
  • Type: List report
  • Table: Control Test Definition [grc_control_test_definition]
My GRC Control portal

Roles:

  • grc_test_definition_admin
  • grc_process_owner
My Control Tests by State Displays control tests grouped by state for open audits owned by the logged-in user.
  • Type: List report
  • Table: Control Test Status by Audit [grc_audit_control_test_view]
My GRC Audit portal

Roles:

  • grc_audit_def_admin
  • grc_internal_auditor
grc_audit_control_test_view

Joins:

  • Audit [grc_audit]
  • Audit Control Test Instances [m2m_audit_control_test]
  • Control Test Definition [grc_control_test]
My Controls by Authority Document Displays controls owned by the logged-in user, grouped by authority document.
  • Type: Pie chart
  • Table: Control Authoritative Source [m2m_control_authoritative_source]
My GRC Control portal

Roles:

  • grc_test_definition_admin
  • grc_process_owner
My Failing Control Tests by Control Displays a list of the logged on user's controls that are failing. Controls selected are active and pertinent.
  • Type: List report
  • Table: Control [grc_control]
My GRC Audit portal

Roles:

  • grc_test_definition_admin
  • grc_internal_auditor
grc_audit_control_test_view

Joins:

  • Audit [grc_audit]
  • Audit Control Test Instances [m2m_audit_control_test]
  • Control Test Definition [grc_control_test]
My Failing Controls by Authority Document Displays failing control tests generated from the logged-in user's control or control test definition, grouped by authority document.
  • Type: Pie chart
  • Table: Control Authoritative Source [m2m_control_authoritative_source]
My GRC Control portal

Roles:

  • grc_test_definition_admin
  • grc_process_owner
My GRC Update Approvals Displays all GRC update activity for the logged-in user's approval group. This report does not show GRC update requests submitted when the Automatically approve all GRC update requests property is set to true. For additional information, see Approve a UCF document request - Legacy.
  • Type: List report
  • Table: GRC Update Status [grc_ucf_update_status]
My GRC portal

Roles:

  • grc_admin
  • grc_executive_approver
My Open Control Tests Lists open control tests for audits assigned to the logged-in user or user's group or audit definitions owned by the user or user's group.
  • Type: List report
  • Table: Control Test Status by Audit [grc_audit_control_test_view]
My GRC Audit portal

Roles:

  • grc_audit_definition_admin
  • grc_internal_auditor
grc_audit_control_test_view

Joins:

  • Audit [grc_audit]
  • Audit Control Test Instances [m2m_audit_control_test]
  • Control Test Definition [grc_control_test]
My Observations and Remediations Lists observations and remediations for audits assigned to the logged-in user or user's group or audit definitions owned by the user or user's group.
  • Type: List report
  • Table: Remediation by audit [grc_remediations_by_audit]
grc_remediations_by _audit

Joins:

  • Audit [grc_audit]
  • Observation [grc_observation]
  • Remediation [grc_remediation]
Observations by Audit Lists all the observations for a given audit. By default, the results are grouped by Audit and ordered by Audit number and Observation.
  • Type: List report
  • Table: Observation by Audit [grc_observations_by_audit]
grc_observations_by_audit

Joins:

  • Audit [grc_audit]
  • Observation [grc_observation]
Policy Coverage Gap Lists all policies linked to controls that are not used in any control test definition.
  • Type: List report
  • Table: GRC Policy Coverage Gap [grc_policy_coverage_gap]
grc_policy_coverage_gap

Joins:

  • Policy Control [m2m_control_policy]
  • Control Test Definition [grc_control_test_definition]
Remediations by Audit Lists remediations by audit. By default, the results are grouped by Audit number and Remediation. Remediations are generated when control tests fail.
  • Type: List report
  • Table: Remediations by audit [grc_remediations_by_audit]
My GRC portal

Roles:

  • grc_admin
  • grc_executive_approver
grc_remediations_by_audit

Joins:

  • Audit [grc_audit]
  • Observation [grc_observation]
  • Remediation [grc_remediation]
Remediations by Observations Lists the remediations for each observation in an audit. By default, the results are grouped by Audit number. Remediations are generated when control tests fail.
  • Type: List report
  • Table: Remediations by observation [grc_remediations_by_observations]
My GRC portal

Roles:

  • grc_admin
  • grc_executive_approver
grc_remediations_by_observations

Joins:

  • Audit [grc_audit]
  • Observation [grc_observation]
  • Remediation [grc_remediation]
Risk Coverage Gap Lists all risks linked to controls that are not used in any control test definition.
  • Type: List report
  • Table: GRC Risk Coverage Gap [grc_risk_coverage_gap]
grc_risk_coverage_gap

Joins:

  • Risk Control [m2m_risk_control]
  • Control Test Definition [grc_control_test_definition]
Super Control Lists the controls linked to more than one authority document and displays their compliance and non-compliance.
  • Type: List report
  • Table: Control [grc_control]
My GRC portal

Roles:

  • grc_admin
  • grc_executive_approver

My GRC Audit portal Roles:

  • grc_audit_definition_admin
  • grc_internal_auditor

My GRC Control portal Roles:

  • grc_test_definition_admin
  • grc_process_owner
UCF Update Overview Lists the differences between the existing GRC entities and the available UCF updates. This report also displays the UCF release version and update time stamp. Results are grouped by the UCF authority document name. To see a result list longer than twenty entries, click the group title.
  • Type: List report
  • Table: GRC UCF Difference [grc_ucf_difference]
My GRC portal

Roles:

  • grc_admin
  • grc_executive_approver