Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Română Русский svenska Kiswahili ไทย Türkçe Українська Tiếng Việt 简体中文 中文 (香港) 繁體中文

KCM GRC: Metrics Reports

Avatar
Lauren Ashley
Updated
Follow

What Reports Are Available on the Metrics Page?

Your KCM Governance, Risk, and Compliance (GRC) platform offers a variety of reports for your KCM GRC modules. These reports provide metrics for many of the workflows and compliance efforts found in your account.

This article explains the reports available on the Metrics page in your account. To access this page, click Metrics from the navigation panel on the left-hand side of your account.

Tip: Your auditors have an opportunity to see the reports contained on the Metrics page in a limited capacity. See our KCM GRC: Guide for Auditors article if you'd like to share an instructional guide with your auditors.
Note: In addition to the reports available on the Metrics page, you can create custom reports. See our Custom Reporting article to learn more.

For account administrators, there are six sections displayed on the Metrics page. Use the links below to learn more about the reports under each section. 

Jump to:
Detailed Compliance Reports
Summary Compliance Reports
Scope Tasks Gantt
Policy Management Reports
Risk Management Reports
Additional Reports

 

Detailed Compliance Reports

Under the Detailed Compliance Reports section of the Metrics page, you'll find a report for each of your scopes that contain requirements, and one or more of these requirements have a mapped control. Click a scope name to open a report.

Note: Scope Administrators and Auditors can access these reports for their allowed scopes. To learn more about user permissions see our User Roles article.

The Detailed Report page shows the requirements in your scope that have mapped controls. Additionally, this report shows the requirements' mapped controls and the tasks that have been created for these controls.

Click the Export to CSV button at the top right-hand side of the page to export this report. The CSV export will contain the scoped requirements that have mapped controls and scheduled tasks.

You can use the filters at the top of the page to specify which tasks are shown in your report. You can filter tasks by a date range and task status. Click the drop-down below to see details about these filters.

Report Filters

  1. To apply a date range filter to the tasks shown in your report (optional), make the following selections:
    1. From:
      1. Click the drop-down menu to specify whether the beginning date in your date range should apply to the tasks' start dates, end dates, or due dates.
      2. Click the date field to select a beginning date from the calendar. Alternatively, type a date into this field in the following format: MM/DD/YYYY.
    2. To:
      1. Click the drop-down menu to specify whether the ending date in your date range should apply to the tasks' start dates, end dates, or due dates.
      2. Click the date field to select an ending date from the calendar. Alternatively, type a date into this field in the following format: MM/DD/YYYY.
  2. To apply a task status filter to the tasks shown in your report (optional), click the Filter by Task Status field and select one or more task statuses.
  3. Click the Apply Filters button to apply your selections to the report.

See below to learn about the details that are shown on the Detailed Report page. 

Example of Requirement, mapped Control, and Control tasks in Detailed Compliance Report.

  1. The requirement name. You can click the requirement name to open the requirement.
  2. The requirement description.
  3. The name of the control that is mapped to this requirement. You can click the control name to open the control.
    • If there are multiple controls mapped to a requirement each control is listed under the requirement (click to view example).
  4. The control description.
  5. User/Group Assigned: If there is a user or a group assigned to the control, this information is displayed here. If a user is assigned, their email address is shown.
    Tip: Assigning a user or a group to a control is optional. You can assign users to the control's tasks, instead. To learn more about assigning user groups to controls, see: Working with User Groups.
  6. Manager: If there is an Approving Manager assigned to a control, their first and last name are displayed here.
    Tip: Assigning an approving manager to a control is optional. You can assign approving managers to the control's tasks instead. To learn more, see: Task Approval Workflows.
  7. Tasks: This area displays the tasks that have been created for this control. Each task shows the due date and task's status, as outlined below:
    • Active tasks: Active/Open
    • Past Due tasks: Open/Past Due
    • Closed Late tasks: Closed/Late
    • Failed tasks: Closed/Failed
      Tip: Tasks that have a Failed status can still be completed. Once a Failed task is completed the task status changes to Closed Late.
      Note: In addition to the task statuses listed above, if the task stage is Awaiting Approval, the task will show as Pending/Success if the task was completed before it reached Past Due status, or Pending/Late if the task was completed after it reached Past Due status.
    Click a task to view more information about the task, as outlined below:
  8. The name of the control associated with the task.
  9. The task's status.
  10. The task's stage.
  11. The description of the control associated with the task.
  12. The evidence that has been submitted for the task.
    • To view or download the evidence, click the icon in the column on the far right-hand side of the evidence.
  13. Starts On: The task's start date.
  14. Ends On: The task's end date.
  15. Due On: The task's due date.
  16. User Assigned: The user who is assigned to the task. 
  17. Completed On: The date that the task was marked as completed by the User Assigned.
  18. Completed By: The user who marked the task as complete.
  19. Group Lead (optional): The Group Lead who is responsible for reviewing tasks under this control. To learn more, see: Working with User Groups.
  20. Approving Manager (optional): The Approving Manager assigned to the task.
  21. Second-level Approving Manager (optional): The Second-level Approving Manager assigned to the task.
  22. Click this link to open the task and view the task notes, or to leave a task note.

Back to Top

 

Summary Compliance Reports

Under the Summary Compliance Reports section of the Metrics page, you'll find a report for each of your scopes that contain requirements, and one or more of these requirements have a mapped control. Click a scope name to open a report.

Note: Scope Administrators and Auditors can access these reports for their allowed scopes. To learn more about user permissions see our User Roles article.

The Summary Report page shows all of the requirements included in your scope. This report also shows the controls that are mapped to these requirements, if applicable.

  1. The first column contains all of the requirements in your scope. The requirements are then divided into sections based on the first part of their requirement IDs, also known as the primary ID. Each section is divided by a header row that identifies the section by the primary ID of the requirements in that section.
    • For example, in the image above, the first section contains the requirements that have the DE.AE primary ID and the second section contains the requirements that have the DE.CM primary ID.
  2. Self-Assessment: The symbols in this column represent the response you selected for the requirement's self-assessment, as outlined in the table below. To learn more about scope self-assessments, see: Completing a Scope Self-Assessment.
    Green Check Mark Met
    Yellow Check Mark Partially Met
    Red X Not Met
    Dark Blue Dash No Answer
    Light Blue Question Mark Not Applicable
  1. Compliance %: This percentage shows the average Control Health for all controls mapped to this requirement. Control Health is the percentage of tasks that have been completed for a control.
    • The Control Health percentage is calculated by adding the number of tasks that have a Satisfied or Closed Late status, then, dividing that number by the total number of tasks for that control (including tasks in Failed or Past Due status).
      Note: Tasks in Active status are not included in this calculation.
  2. Expand/Collapse: Requirements that have controls mapped to them will include an arrow in this column. Click the arrow to view the control description for the control or controls mapped to this requirement. 

Back to Top

 

Scope Tasks Gantt

Under the Scope Tasks Gantt area of the Metrics page, you'll find a report for each scope in your account and another report for all of the scopes in your account. Click on All Scopes or a scope name to open a report.

The Task Gantt Chart is a horizontal bar chart that shows the start, end, and due dates of the control tasks that are associated with the requirements in your scope. This chart also shows the statuses of these tasks.

You can use the From and To filters at the top of the page to show the tasks that start, end, or are due within a particular date range. To narrow your results based on task status, click the Filter by Task Status field and select one or more task statuses. 

In the Gantt chart, each task is represented by a horizontal bar. Each bar shows the number of days between the task's Start Date and its Due Date. The color of the bar represents the status of the task. These colors are outlined in the Due Date Task Range legend (click to view example) above the Gantt chart. Click on a bar to see information about the task. 

From the Column in the Gantt chart, you can click on a control name to open the control in a new tab.

Back to Top

 

Policy Management Reports

The Policy Management Reports section of the Metrics page lists the policy campaigns that you have created under your Policy Management module. Click a campaign name to open the report for the campaign. To learn more about monitoring Policy Management Campaigns see the Monitor and Managing Campaigns section of our KCM GRC: Policy Management article.

Back to Top

 

Risk Management Reports

Under the Risk Management Reports section of the Metrics page, you will find the risk overview report. Click Risk Overview Report to open the report.

Note: Risk Administrators can access the risk overview report. To learn more about user permissions see our User Roles article.

The Risk Overview Report page provides a list of the risks in your risk management module that have mapped controls, see details below:

  1. Use the Status filter to only show risks with a specific status.
  2. Use the Category or Subcategory filters to show risks that are in a specific category or subcategory in your Risk Register.
  3. From the Risk Overview Report page, click on a risk to see details about the risk and the control or controls that it is mapped to, as shown below:

To learn more about risk controls, see our Creating and Mapping Risk Controls article. 

Back to Top

 

Additional Reports 

Under the Additional Reports section of the Metrics page, you'll find the Executive Report and Compliance Report by User.

Please see the descriptions below for information about these two reports. 

  • From the Executive Report page, you can create a new executive report or view existing reports. The executive report sends emails to your organization's executives or other stakeholders, which will automatically keep them up-to-date on the status of the compliance efforts in your platform. To learn more about this report, see our KCM GRC: Executive Reporting article.
  • From the Compliance Report by User page, you can view the number of closed tasks and incomplete tasks for each active user who has an Account Administrator, Scope Administrator, or Contributor user role. The number of closed tasks includes tasks with Acknowledged, Closed Late, Verified, and Satisfied statuses, and the number of incomplete tasks includes tasks with Failed and Past Due statuses. You can use this report to monitor whether users are completing their assigned tasks, which will help you ensure that your organization is meeting its compliance goals. To learn more about completing tasks, see our KCM GRC: Monitoring and Completing Tasks (a Guide for Contributors) article.
    Note: The circle graphs on the Compliance Report by User page show the percentage of tasks that each user has closed. The graphs round to the nearest whole number. For example, if a user has completed 10.5% of all of their assigned tasks, this graph will show that the user has completed 11%. If a user has completed 10.49% of all of their assigned tasks, this graph will show that the user has completed 10%. 

 

Back to Top

 

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles