What Reports Are Available on the Metrics Page?

Your KCM Governance, Risk, and Compliance (GRC) platform offers a variety of reports for your KCM GRC modules. These reports provide metrics for many of the workflows and compliance efforts found in your account.

This article explains the reports available on the Metrics page in your account. To access this page, click Metrics from the navigation panel on the left-hand side of your account.

Tip: Your auditors have an opportunity to see the reports contained on the Metrics page in a limited capacity. See our KCM GRC: Guide for Auditors article if you'd like to share an instructional guide with your auditors.

Note: In addition to the reports available on the Metrics page, you can create custom reports. See our Custom Reporting article to learn more.

For account administrators, there are six sections displayed on the Metrics page. Use the links below to learn more about the reports under each section.

Jump to:
Detailed Compliance Reports
Summary Compliance Reports
Scope Tasks Gantt
Policy Management Reports
Risk Management Reports
Additional Reports

Detailed Compliance Reports

Under the Detailed Compliance Reports section of the Metrics page, you'll find a report for each of your scopes that contain requirements, and one or more of these requirements have a mapped control. Click a scope name to open a report.

Note: Scope Administrators and Auditors can access these reports for their allowed scopes. To learn more about user permissions see our User Roles article.

The Detailed Report page shows the requirements in your scope that have mapped controls. Additionally, this report shows the requirements' mapped controls and the tasks that have been created for these controls.

Click the Export to CSV button at the top right-hand side of the page to export this report. The CSV export will contain the scoped requirements that have mapped controls and scheduled tasks.

You can use the filters at the top of the page to specify which tasks are shown in your report. You can filter tasks by a date range and task status. Click the drop-down below to see details about these filters.

Report Filters

To apply a date range filter to the tasks shown in your report (optional), make the following selections:
1. From:
  1. Click the drop-down menu to specify whether the beginning date in your date range should apply to the tasks' start dates, end dates, or due dates.
  2. Click the date field to select a beginning date from the calendar. Alternatively, type a date into this field in the following format: MM/DD/YYYY.
2. To:
  1. Click the drop-down menu to specify whether the ending date in your date range should apply to the tasks' start dates, end dates, or due dates.
  2. Click the date field to select an ending date from the calendar. Alternatively, type a date into this field in the following format: MM/DD/YYYY.
To apply a task status filter to the tasks shown in your report (optional), click the Filter by Task Status field and select one or more task statuses.
Click the Apply Filters button to apply your selections to the report.

See below to learn about the details that are shown on the Detailed Report page.

Example of Requirement, mapped Control, and Control tasks in Detailed Compliance Report.

The requirement name. You can click the requirement name to open the requirement.
The requirement description.
The name of the control that is mapped to this requirement. You can click the control name to open the control.
- If there are multiple controls mapped to a requirement each control is listed under the requirement (click to view example).
  
  A Requirement With Two Mapped Controls
The control description.
User/Group Assigned: If there is a user or a group assigned to the control, this information is displayed here. If a user is assigned, their email address is shown.

Tip: Assigning a user or a group to a control is optional. You can assign users to the control's tasks, instead. To learn more about assigning user groups to controls, see: Working with User Groups.
Manager: If there is an Approving Manager assigned to a control, their first and last name are displayed here.

Tip: Assigning an approving manager to a control is optional. You can assign approving managers to the control's tasks instead. To learn more, see: Task Approval Workflows.
Tasks: This area displays the tasks that have been created for this control. Each task shows the due date and task's status, as outlined below:
- Active tasks: Active/Open
- Past Due tasks: Open/Past Due
- Closed Late tasks: Closed/Late
- Failed tasks: Closed/Failed
  
  Tip: Tasks that have a Failed status can still be completed. Once a Failed task is completed the task status changes to Closed Late.
  
  Note: In addition to the task statuses listed above, if the task stage is Awaiting Approval, the task will show as Pending/Success if the task was completed before it reached Past Due status, or Pending/Late if the task was completed after it reached Past Due status.
Click a task to view more information about the task, as outlined below:
The name of the control associated with the task.
The task's status.
The task's stage.
The description of the control associated with the task.
The evidence that has been submitted for the task.
- To view or download the evidence, click the icon in the column on the far right-hand side of the evidence.
Starts On: The task's start date.
Ends On: The task's end date.
Due On: The task's due date.
User Assigned: The user who is assigned to the task.
Completed On: The date that the task was marked as completed by the User Assigned.
Completed By: The user who marked the task as complete.
Group Lead (optional): The Group Lead who is responsible for reviewing tasks under this control. To learn more, see: Working with User Groups.
Approving Manager (optional): The Approving Manager assigned to the task.
Second-level Approving Manager (optional): The Second-level Approving Manager assigned to the task.
Click this link to open the task and view the task notes, or to leave a task note.

Summary Compliance Reports

Under the Summary Compliance Reports section of the Metrics page, you'll find a report for each of your scopes that contain requirements, and one or more of these requirements have a mapped control. Click a scope name to open a report.

Note: Scope Administrators and Auditors can access these reports for their allowed scopes. To learn more about user permissions see our User Roles article.

The Summary Report page shows all of the requirements included in your scope. This report also shows the controls that are mapped to these requirements, if applicable.

The first column contains all of the requirements in your scope. The requirements are then divided into sections based on the first part of their requirement IDs, also known as the primary ID. Each section is divided by a header row that identifies the section by the primary ID of the requirements in that section.
- For example, in the image above, the first section contains the requirements that have the DE.AE primary ID and the second section contains the requirements that have the DE.CM primary ID.
Self-Assessment: The symbols in this column represent the response you selected for the requirement's self-assessment, as outlined in the table below. To learn more about scope self-assessments, see: Completing a Scope Self-Assessment.

Met

Partially Met

Not Met

No Answer

Not Applicable

Compliance %: This percentage shows the average Control Health for all controls mapped to this requirement. Control Health is the percentage of tasks that have been completed for a control.
- The Control Health percentage is calculated by adding the number of tasks that have a Satisfied or Closed Late status, then, dividing that number by the total number of tasks for that control (including tasks in Failed or Past Due status).
  
  Note: Tasks in Active status are not included in this calculation.
Expand/Collapse: Requirements that have controls mapped to them will include an arrow in this column. Click the arrow to view the control description for the control or controls mapped to this requirement.

Scope Tasks Gantt

Under the Scope Tasks Gantt area of the Metrics page, you'll find a report for each scope in your account and another report for all of the scopes in your account. Click on All Scopes or a scope name to open a report.

The Task Gantt Chart is a horizontal bar chart that shows the start, end, and due dates of the control tasks that are associated with the requirements in your scope. This chart also shows the statuses of these tasks.

You can use the From and To filters at the top of the page to show the tasks that start, end, or are due within a particular date range. To narrow your results based on task status, click the Filter by Task Status field and select one or more task statuses.

In the Gantt chart, each task is represented by a horizontal bar. Each bar shows the number of days between the task's Start Date and its Due Date. The color of the bar represents the status of the task. These colors are outlined in the Due Date Task Range legend (click to view example) above the Gantt chart. Click on a bar to see information about the task.

From the Column in the Gantt chart, you can click on a control name to open the control in a new tab.

Policy Management Reports

The Policy Management Reports section of the Metrics page lists the policy campaigns that you have created under your Policy Management module. Click a campaign name to open the report for the campaign. To learn more about monitoring Policy Management Campaigns see the Monitor and Managing Campaigns section of our KCM GRC: Policy Management article.

Risk Management Reports

Under the Risk Management Reports section of the Metrics page, you will find the risk overview report. Click Risk Overview Report to open the report.

Note: Risk Administrators can access the risk overview report. To learn more about user permissions see our User Roles article.

The Risk Overview Report page provides a list of the risks in your risk management module that have mapped controls, see details below:

Use the Status filter to only show risks with a specific status.
Use the Category or Subcategory filters to show risks that are in a specific category or subcategory in your Risk Register.
From the Risk Overview Report page, click on a risk to see details about the risk and the control or controls that it is mapped to, as shown below:

To learn more about risk controls, see our Creating and Mapping Risk Controls article.

Additional Reports

You'll find two reports under the Additional Reports section of the Metrics page: the Executive Report and Compliance Report by User.

Click Executive Report to create a new executive report or to view existing reports. The executive report sends emails to your organization's executives or other stakeholders, so you can automatically keep them up-to-date on the status of the compliance efforts in your platform. To learn more about this report see our KCM GRC: Executive Reporting article.

Click Compliance Report by User to see a history of the efforts that employees have made toward completing the control tasks that they are assigned to. This report includes active users who have the following user roles: Account Administrator, Scope Administrator, or Contributor. To learn more about completing tasks, see: Monitoring and Completing Tasks (a Guide for Contributors).

KCM GRC: Metrics Reports

What Reports Are Available on the Metrics Page?

Detailed Compliance Reports

Summary Compliance Reports

Scope Tasks Gantt

Policy Management Reports

Risk Management Reports

Additional Reports

Comments

	Met
	Partially Met
	Not Met
	No Answer
	Not Applicable

What Reports Are Available on the Metrics Page?

Detailed Compliance Reports

A Requirement With Two Mapped Controls

Summary Compliance Reports

Scope Tasks Gantt

Task Status Legend

Policy Management Reports

Risk Management Reports

Additional Reports

Related articles