Menu

KCM GRC: Metrics and Reports

Avatar
Lauren Ashley
Updated
Follow

What Types of Reports Are Available in My KCM GRC Console?

Note: As we have recently made major updates to your KCM GRC platform, this article is a work in progress and may not be fully up-to-date. For details on these enhancements, please see our Enhancements to the KCM GRC Platform and Compliance Management Workflows (July 2020) article.

Your KCM Governance, Risk, and Compliance (GRC) platform offers a variety of reports for your KCM GRC modules. These reports provide detailed metrics for many of the various workflows, management, and compliance efforts made in your account.

If you're an account administrator, you can access all of the reports that are explained in this article. To view, click Metrics from the left-hand side navigation panel.

Tip: Your auditors have an opportunity to see the reports contained on the Metrics page in a limited capacity. See our KCM GRC: Guide for Auditors article if you'd like to share an instructional guide with your auditors.

There are six sections displayed on the Metrics page. Use the links below to learn more about the report(s) under each section. The final section of this article explains an additional report that is available in your account, outside of the Metrics page.

Jump to:
Detailed Compliance Reports
Summary Compliance Reports
Scope Tasks Gantt
Policy Management Reports
Risk Management Reports
Additional Reports
Custom Reporting

 

Detailed Compliance Reports

Under the Detailed Compliance Reports section of the Metrics page, you'll find a report for the scopes that you've created in your account.

These reports provide a detailed overview of all of the important pieces of a scope, including:

Back to Top

 

Summary Compliance Reports

Under the Summary Compliance Reports section, you'll find a report for the scopes that you've created in your account. The purpose of the Summary Report is to provide an overview of a scope's requirements and controls and the status of their associated tasks.

You can refine what requirements are included in the report by setting filters in the top-left area, as shown below. Filtering is based on the start, end, or due dates of the tasks that you've created for controls.

You can use the Export Results to CSV button at the top-right of the page to download a CSV file of the report. The CSV will consist of the scope requirements that have mapped controls and scheduled tasks.

  1. From: Use the drop-down menu to specify whether you want to start the filtering of tasks by their Start Date, End Date, or Due On [Date]. Then, click the date field to select a calendar date to start from.
  2. To: Use the drop-down menu to specify whether you want to end the filtering of tasks by their Start Date, End Date, or Due On [Date]. Then, click the date field to select a calendar date to end on.
  3. Click Apply Filters to apply your task specifications.
  4. Use the Reset Filter button to remove the filter you've put in place.

    Note:

    If you use the Export Results to CSV button while a task filter is in place, the CSV will only contain requirements and controls that have tasks applicable to the filter.

  5. The Compliance % column (see below) will contain either a percentage or one of these four tags: No Controls, No Tasks In Range, No Tasks Scheduled, or No Tasks Due. The details of each tag are defined in this report key, as shown in the screenshot above.

  1. All requirements included in the scope will be listed in this report. The requirements are broken into sections based on the top-level requirement IDs. All subsequent requirements are contained within. There is a header row for each different top-level requirement ID.
    For example, in the image above, the first header row is PCI DSS 3.2 1. All requirements with a requirement ID beginning with "1." (e.g., 1.1, 1.1.1, 1.1.2, etc.), are found beneath this header. The next header row is PCI DSS 3.2 2. All requirements with a requirement ID beginning with "2." (e.g., 2.1, 2.1.1, 2.2, 2.2.1, etc.), are found beneath this header.
  2. Self-Assessment: The status you've set for each requirement's self-assessment question is noted by one of the symbols in the table below. See here to learn more about Scope Self-Assessments.
    Green Check Mark Met
    Red X Not Met
    Dark Blue Dash No Answer
    Light Blue Question Mark Not Applicable
  1. Compliance %: The average Control Health for all controls mapped to this requirement. Control Health is the percentage of tasks that have been completed for a control.
    • The Control Health percentage is calculated by adding the number of tasks that have a Satisfied or Closed Late status, then, dividing that number by the total number of tasks for that control (including tasks in Failed or Past Due status).

      Note:

      the tasks in Active status are not included in this calculation.

  2. Expand/Collapse: Requirements that have controls mapped to them will include an expand arrow in this column. Use the expand/collapse arrow to view/hide the control, respectively. 

Back to Top

 

Scope Tasks Gantt

A Gantt chart is a type of bar chart that illustrates the schedule of a project, or scope–as referred to in KCM GRC. Under the Scope Tasks Gantt section, you'll find a Gantt chart for the tasks from "All Scopes", as well as individual Gantt charts for each scope's tasks.

Click All Scopes or one of your individual scopes to view the Gantt chart.

From the Task Gantt Chart view, use the From and To filters to show the tasks that start, end, or are due within a particular date range. You also have the option to use the Filter by Task Status drop-down menu (shown below) to filter the tasks by the following statuses:

  • Active
  • Due Today
  • Past Due
  • Failed
  • Not Satisfied
  • Pending Approval
  • Pending My Approval
  • Declined
  • Satisfied

 

Tasks that have an Active, Satisfied, Closed Late, Past Due, or Failed status are distinguished in the Gantt chart by horizontal colored bars that represent the length of days the tasks were in the respective status. You can click on these colored bars to see an overview of task information.

Click on any control name from the control column of the Gantt chart to open the control in a new tab.

Back to Top

 

Policy Management Reports

This section will link you to the detailed reports found within the console for each of the campaigns you've created in your Policy Management module. To learn more about monitoring Policy Management Campaigns see the Monitor and Managing Campaigns section of our KCM GRC: Policy Management article.

Back to Top

 

Risk Management Reports

The Risk Overview Report link under this section of the Metrics page provides details about the risks you've identified and implemented controls for in your account's risk management module. See our KCM GRC Risk Management: Overview article for more information on this module.

Click the Risk Overview Report link to display a list of all of your risks that have mapped controls. See the Creating and Mapping Risk Controls section of our KCM GRC Risk Management: Risk Register article for more information on risk controls.

You can click on any risk name to view the Risk Detailed Report. The Risk Detailed Report includes information about the risk's controls and tasks. It provides task details such as the Task Schedule and activity, task Assignee and Manager, the Treatment Score of the risk control, and the risk's Inherent and Residual Score.

Back to Top

 

Additional Reports 

You'll find two reports under this section of the Metrics page, the Executive Report and Compliance Report by User.

The Executive Report is an automated way to keep your organization's executives, or senior management group, up-to-date on the status of your efforts to maintain compliance in your KCM GRC platform. Please see our KCM GRC: Executive Reporting article for full details.

If you click the Compliance Report by User link you'll find a history of the efforts each employee has made toward successfully meeting the control tasks to which they've been assigned. This report includes all active users with the following user permissions: Account Administrator, Scope Administrator, or Contributor.

Back to Top

 

Custom Reporting

You can use Custom Reporting to generate reports with data from your Compliance Management and Risk Management modules. Custom reports will provide details on the status of your tasks and the rate of completion for the controls you've implemented across your compliance and risk management initiatives. For more information, please see our Custom Reporting Guide.

Back to Top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles