The primary goal of the new POAM Reporting feature is to provide data sets for metrics and reporting regarding issues and risk mitigation. These data sets are designed to be meaningful for your program and can be reported to relevant stakeholders.
I. Accessing the Reports
Both new reporting features are located under Issue Management > Findings. You will find them under the action menu on the top right of the Findings page:
- Finding summary by IC Control Family.
- Finding summary by Asset
II. Essential Data Prerequisites for Reporting
To ensure your reports are accurate and comprehensive, every finding must be properly linked to core entities:
| Report Type | Required Data Link | Purpose |
|---|---|---|
| Both Reports | Findings must have an asset and internal control linked to them. | This is essential for rolling out the report. |
| By IC Control Family | Findings must be linked to internal controls. | This linkage shows how the finding is impacting your controls. |
| By Asset | Findings must be tagged with the appropriate asset. | This allows you to generate findings by asset reports. |
The reports provide gap analysis lists—a master file of findings without an associated internal control and a list of findings without assets mapped to them—which help you clean up your data to ensure "nice clean reporting".
III. Report 1: Finding Summary by IC Control Family
This report provides a data set summarized by the control family to which the findings are mapped.
A. Required Configuration
Before exporting this report, you must ensure that your internal controls are properly categorized:
- Control Family Value Management: You can configure the list of control families used in the report. This list is a drop-down field located in Administration > Custom Fields. You can edit this field to unselect the default list and add new values specific to your program.
- Control Family Assignment: After defining the drop-down list, you must go to your internal control and identify the control family for every internal control.
B.Content Summary
When exported, the file provides summarized analytics of findings grouped by the associated control family. The summary includes:
- The status of the control.
- The priority of the finding.
- The risk mitigation details.
- Any approval status that is outstanding.
You can drill down into each control family within the report to see further details of the exact findings included in the analytics.
IV. Report 2: Finding Summary by Asset
This report provides a data set organized and summarized by the assets linked to the findings.
A. Asset Linking Details
- Findings can have a many-to-many relationship with assets.
- The C1Risk platform allows you to define various asset types and inventory, such as infrastructure, applications, processes, business units, and locations.
B. Content Summary
When you export this report, you receive a data set that, for each asset, includes:
- A summary for the asset.
- A detailed worksheet of the findings that are associated with that specific asset.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article