Control Identification

HOPEX IT Risk Management : HOPEX IT Risk Management : HOPEX IT Risk Management Reports : IT Compliance Reports : Control Identification

This report presents the distribution of controls according to several criteria:

• by process

A business process represents a system that offers products or services to an internal or external client of the company or organization. At the higher levels, a business process represents a structure and a categorization of the business. It can be broken down into other processes. The link with organizational processes will describe the real implementation of the business process in the organization. A business process can also be detailed by a functional view.

• by control type

A control type allows the classification of controls implemented in a company in accordance with regulatory or domain specific standards (Cobit, etc.).

• by entity

An entity can be internal or external to the enterprise: an internal entity represents an element in the organization of the enterprise such as a department, service or a workstation. It is defined at a level depending on the degree of detail to be provided on the organization (see org-unit type). Example: financial management, sales management, marketing department, account manager. An external entity represents an organization that exchanges flows with the enterprise, Example: customer, supplier, government office.

• by objective

An objective is a goal that a company or organization wants to achieve, or is the target set by a process or an operation. An objective allows you to highlight the features in a process or operation that require improvement.

• by regulatory framework

A regulation or regulatory framework is a set of directives, compulsory or not, defined by a government in a law, by standard bodies as "best practices" or as an internal policy in an organization.

Access path

Reports > IT Compliance > Control Identification

Parameters

This consists of selecting the controls that will be presented in specifying elements that define their scope.

• control types

• entities

• processes

• objectives

Parameters	Parameter type	Constraints
Begin Date	date	Assessment selection criterion Not mandatory.
End date	date	Assessment selection criterion; set to current date.
Scope control type	control type	Control selection criterion. Not mandatory.
Scope entities	entity	Control selection criterion. Not mandatory.
Scope processes	process	Control selection criterion. Not mandatory.
Scope objectives	objectives	Control selection criterion. Not mandatory.

Result

The report presents the distribution of controls in the form of a stacked bar chart. The distribution criteria are as follows:

• Distribution by process

• Distribution by control type

• Distribution by entity

• Distribution by objective

• Distribution by status

• Distribution by regulatory framework

Example

The bar chart below shows the number of controls (evaluated or not evaluated) by regulation.

When you click on a bar chart, the controls in question appear in a list at the bottom of the page.