The Compliance Module is a control library that can be used forregulatory compliance, operational compliance, and control self-assessment and as a vehicle for the 1st Line to take ownershipof their responsibilities.
|
The Compliance Module in Ansarada GRC allows you to: • Assess and document compliance obligations. • Manage, track and control compliance obligations. • Document and record the 1st and 2nd lines of defense and push-out responsibility to line managers. • Manage activities by exception and free up resources in the Compliance Department • Report by obligation, category, business unit, position or reference • Retain knowledge and establish a corporate compliance archive. • Ensure continuity of compliance obligations when there are staff or organisational changes. • Link compliance to Risks, Contracts, Key Metrics,Obligations, Events and Registers recorded inAnsarada GRC. |
At the end of this module, you will be able to:
• create a compliance process including documenting thecompliance controls and supporting framework
• create and view reports on completed and not completedcompliance tasks
This Manual is made up of the following sections:
• Part A – Access the Compliance Module
• Part B – Creating a Reference Library
• Part D — Compliance Reports and Dashboards
Before starting this session, you will need an understanding of:
• Screen and layout standards within Ansarada GRC (refer toManual SM01 Screen and layout standards within Ansarada GRC)
• The Security Centre Ansarada GRC (refer to Manual SM02 Security Centre)
Further information about establishing and managingCompliance in Ansarada GRC can be found in the On-line Help.
|
The three symbols below indicate steps, tips or criticalinformation to be aware of when using Ansarada GRC. |
|
|
|
This symbol indicates that there are specific, step-by-step instructions on how to complete a task. |
|
|
This symbol indicates that there are ideas or issues to consider before deciding how to proceed. |
|
|
This symbol indicates that there is critical information about using Ansarada GRC to consider before proceeding. |
When you log on to the Ansarada GRC home screen you should have access to the Compliance menu options.
If you can’t see the Compliance tab on the menu bar, contactyour System Administrator.
|
Your menu may look different depending on the type of security access you have been granted by the SystemAdministrator |
||
|
We will be working initially from the ‘Records’ sub section of this menu. Before reviewing, creating or updating Compliance records, open the Compliance Register. |
|
To open the Compliance Process register From the Main Menu select Compliance| Records. TheCompliance Processes screen displays. |
|
If you hover your mouse pointer over the icons on the left of the compliance register you will see what they can beused for. |
|
With the Compliance Register open, you can begin creating. Compliance Processes. Work through each of the fields on the screens to establish a compliance controlprocess. Once your compliance and controls framework are in placecommence recording the details of that Compliance Process in the Compliance module. |
|
|
|
To create a new Compliance Process • From the Compliance Process screen click the ‘New’ icon . The New Compliance Process screendisplays. • Complete the fields as described in the table below. • Save the changes . |
Fields on the New Compliance Process screen
|
Field |
Description |
|
|
Select Template |
Where there are a number of similar compliance processes, your Administrator may have created a template to pre-fill much of the information of this screen. If templates are in place, you can select the appropriate choice from thisfield. Click on the to view any special instructionabout creating a new Compliance Process. |
|
|
Process Number |
This is a unique number used to identify the Process Control. You determine this number. It can be alpha/numeric and up to 12 characters long. Ansarada GRC will check whether a number has already been used. If so, you are prompted to change the number.. |
|
|
Record Status |
A Process Control is active or inactive. When creating a new Process Control you would generally leave this as Active. |
|
|
|
A control might be set to Inactive if it relates to a control that will become effective in the future, e.g. once legislationis enacted. |
|
|
Title |
A short description of the Compliance Detail (up to 255 characters) is entered here. This Title field is used in some reports and onscreen headings. |
|
|
|
The Title field may not display on your screen. It is an optional field that your Ansarada GRC Administrator may have chosen not to use. |
|
|
Business Unit |
This is to identify where the responsibility for the risk is situated within the business. |
|
|
|
The term Business Unit is a customisable field. It may be called Departments or by some other description as set by your System Administrator. |
|
|
Category |
There is a list box for you to select what Compliance category this Process control applies to. This can be changed later if it is not correct. The list of Compliance Categories will have been set up by your Ansarada GRC Administrators. |
|
|
ResponsibleOfficer |
Select the Position of the person who is to be responsible for this Compliance Obligation. This would typically be a Senior or Executive Manager position. It is not necessarily the person who actions the compliance task. |
|
|
Description |
This is a free text box where you enter the detailed description of why the process control is in place and why it needs to be there. This can be amended later if required. |
|
|
Security |
Nominate the default security settings for the Compliance record for positions that are permitted to edit or manage a Compliance Control. These positions need Edit rights. Add those who will be able to complete Process tasks or report on task outcomes (View rights). Tick the appropriate security setting for each Security Group. By default, all other groupswill have Not Used. |
|
Field |
Description |
|
|
Positions in Security Groups with ‘Edit’ access can: • open and edit the details of the record including reports. • create and edit Tasks from the record page. • print the details of the record including reports. • delete the record. |
|
|
Positions in Security groups with ‘View’ access to a recordcan: • open and view the details of the record including reports. • open and view the record’s tasks. • print the details of the record including reports. |
|
|
Positions in Security groups with ‘Not Used’ access to a record will not be able to see the record at all. |
|
|
View rights are the minimum-security access to be assigned if a Position will action any tasks. They need to be able to view the record to perform the task. |
|
|
The Positions in each Security group can be viewed by clicking on the icon. This may assist with deciding who needs access and at what level. |
•
When you have saved this screen, the Compliance Processscreen displays with tabs to complete. Refer to the tables belowfor a description of the tabs required to be completed.
|
Tab |
Description |
|
Process Detail |
In this section describe why a certain control is in place and what is required to ensure compliance. The position responsible for the compliance obligation is shown here. Refer to the Process Detail Tab table below. |
|
ProcessControls |
Add the specific tasks required to ensure compliance. Include the steps involved, the position responsible and the due date for completion. |
|
Archives |
You can create an archive copy of a compliance process. Any previously created archive copies can also be viewed. |