What Types of Reports Are Available in My KCM GRC Console?
Your KCM Governance, Risk, and Compliance (GRC) platform offers a variety of reports for your KCM GRC modules. These reports provide detailed metrics for many of the various workflows, management, and compliance efforts made in your account. In addition to the reports offered in the console, you also have the ability to export a full copy of any of the scopes in your Compliance Management module.
If you're an account administrator, you can access all reports from the Metrics page. To view, click Metrics from the left-hand side navigation panel.
There are six sections displayed on the Metrics page. Use the links below to learn more about the report(s) under each section. The final section of this article provides details on exporting scopes from your account.
Detailed Compliance Reports
Under the Detailed Compliance Reports section of the Metrics page, you'll find a report for each scope that you've created in your account.
These reports provide a detailed overview of all of the important pieces of a scope, including:
- All requirements included in the scope
- The control(s) mapped to each requirement
- The task(s) scheduled for each control
- The frequency of the task schedules
- The tasks' Assignee/User Responsible
- The tasks' Approving Manager
- The status of current (Active/Open) and previous (Closed) tasks
Summary Compliance Reports
Under the Summary Compliance Reports section, you'll find a report for each scope that you've created in your account. The purpose of the Summary Report is to provide an overview of a scope's requirements and controls and the status of their associated tasks.
You can refine what requirements are included in the report by setting filters in the top-left area, as shown below. Filtering is based on the start, end, or due dates of the tasks that you've created for controls.
You can use the Export Results to CSV button at the top-right of the page to download a CSV file of the report. The CSV will consist of the scope requirements that have mapped controls and scheduled tasks.
- From: Use the drop-down menu to specify whether you want to start the filtering of tasks by their Start Date, End Date, or Due On [Date]. Then, click the date field to select a calendar date to start from.
- To: Use the drop-down menu to specify whether you want to end the filtering of tasks by their Start Date, End Date, or Due On [Date]. Then, click the date field to select a calendar date to end on.
- Click Apply Filters to apply your task specifications.
- Use the Reset Filter button to remove the filter you've put in place.
If you use the Export Results to CSV button while a task filter is in place, the CSV will only contain requirements and controls that have tasks applicable to the filter.
- The Compliance % column (see below) will contain either a percentage or one of these four tags: No Controls, No Tasks In Range, No Tasks Scheduled, or No Tasks Due. The details of each tag are defined in this report key, as shown in the screenshot above.
- All requirements included in the scope will be listed in this report. The requirements are broken into sections based on the top-level requirement IDs. All subsequent requirements are contained within. There is a header row for each different top-level requirement ID.
For example, in the image above, the first header row is PCI DSS 3.2 1. All requirements with a requirement ID beginning with "1." (e.g., 1.1, 1.1.1, 1.1.2, etc.), are found beneath this header. The next header row is PCI DSS 3.2 2. All requirements with a requirement ID beginning with "2." (e.g., 2.1, 2.1.1, 2.2, 2.2.1, etc.), are found beneath this header.
- Self-Assessment: The status you've set for each requirement's self-assessment question is noted by one of the symbols in the table below. See here to learn more about Scope Self-Assessments.
Met Not Met No Answer Not Applicable
- Compliance %: The measure of completion for the task(s) scheduled for each control.
Compliance percentage is calculated by adding the number of tasks that have a Closed Late, Awaiting Approval, Satisfied, or Acknowledged status, then dividing that number by the total number of tasks for that control (including tasks in Failed or Past Due status).
the tasks in Active status are not included in this calculation.
- Expand/Collapse: Requirements that have controls mapped to them will include an expand arrow in this column. Use the expand/collapse arrow to view/hide the control, respectively.
Scope Tasks Gantt
A Gantt chart is a type of bar chart that illustrates the schedule of a project, or scope–as referred to in KCM GRC. Under the Scope Tasks Gantt section, you'll find a Gantt chart for the tasks from "All Scopes", as well as individual Gantt charts for each scope's tasks.
Click All Scopes or one of your individual scopes to view the Gantt chart.
From the Task Gantt Chart view, use the From and To filters to show the tasks that start, end, or are due within a particular date range. You also have the option to use the Filter by Task Status drop-down menu (shown below) to filter the tasks by the following statuses:
- Due Today
- Past Due
- Not Satisfied
- Pending Approval
- Pending My Approval
Tasks that have an Active, Satisfied, Closed Late, Past Due, or Failed status are distinguished in the Gantt chart by horizontal colored bars that represent the length of days the tasks were in the respective status. You can click on these colored bars to see an overview of task information.
Policy Management Reports
This section will link you to the detailed reports found within the console for each of the campaigns you've created in your Policy Management module. To learn more about monitoring Policy Management Campaigns see the Monitor and Managing Campaigns section of our KCM GRC: Policy Management article.
Risk Management Reports
The Risk Overview Report link under this section of the Metrics page provides details about the risks you've identified and implemented controls for in your account's risk management module. See our KCM GRC Risk Management: Overview article for more information on this module.
Click the Risk Overview Report link to display a list of all of your risks that have mapped controls. See the Creating and Mapping Risk Controls section of our KCM GRC Risk Management: Risk Register article for more information on risk controls.
You can click on any risk name to view the Risk Detailed Report. The Risk Detailed Report includes information about the risk's controls and tasks. It provides task details such as the Task Schedule and activity, task Assignee and Manager, the Treatment Score of the risk control, and the risk's Inherent and Residual Score.
You'll find two reports under this section of the Metrics page, the Executive Report and Compliance Report by User.
The Executive Report is an automated way to keep your organization's executives, or senior management group, up-to-date on the status of your efforts to maintain compliance in your KCM GRC platform. Please see our KCM GRC: Executive Reporting article for full details.
If you click the Compliance Report by User link you'll find a history of the efforts each employee has made toward successfully meeting the control tasks to which they've been assigned. This report includes all active users with the following user permissions: Account Administrator, Scope Administrator, or Contributor.
In addition to the reports offered from the Metrics page, you also have the ability to export full copies of the scopes in your Compliance Management module.
In order to export a scope, it must contain requirements and one or more requirements must have a mapped control.
The Scope Export allows you to download a zipped file containing all of the scope's requirements, controls, tasks, and optionally, task evidence. Navigate to the Export a Scope page by clicking Compliance > Scopes > Export Scope from the navigation menu on the left-hand side of your console. Once you fill out the form and click the Schedule Export button, the download will be available shortly after, typically within 10 minutes or less.
Download the Scope by clicking Compliance > Scopes > Scheduled Exports then clicking the download icon in the right column of the Scheduled Exports table ().
Once you've downloaded and unzipped the scope export, the file components will look similar to the image below.
Open the index.html file to view all of the scope's requirements, controls, and tasks in a browser. Each evidence file uploaded for the scope's tasks is saved in individual folders named after the evidence's Document ID. Evidence submitted as a doculink can be viewed from the task details found on the index.html page.
Each evidence file is assigned a Document ID when uploaded to your KCM GRC platform. Document IDs are numbers assigned in the sequence of the files uploaded to your account.