The dropdown configuration management feature was designed to let Company Administrators configure various dropdown fields or display fields on the main assessment page and the executive summary report.
The configurable fields are as follows:
- Business objective category (Main Assessment)
- Control objectives (Main Assessment)
- Effectiveness of Control (Main Assessment)
- Escalated to (Event Management)
- Identified by (Event Management)
- Industries (Main Assessment)
- Policy Group Owner (Main Assessment)
- Policy Rating (Main Assessment)
- Priority (Main Assessment)
- Risk Rating (Main Assessment)
- Severity (Main Assessment)
Many independent reviews of compliance programs undertake a series of control tests to assess the design and operational effectiveness of controls. When performing control tests, independent reviewers may assess controls at different levels for the regulated entity, from enterprise-wide controls to regional controls, country-specific controls, domestic-only controls, or controls for certain business lines or operational functions.
Control tests are generally performed to obtain satisfactory evidence that the control is functioning appropriately, and they can take many forms, for example desk-based reviews, process walkthroughs, interviews, sample testing or workshops.
The purpose of the control objectives dropdown is to elicit from the assessor what they are trying to achieve by performing the control test.
Escalated to, identified by and severity
The Health Check Platform contains a fully functioning event manager which can be used for logging, tracking, managing and reporting breaches, incidents or near misses.
The list of functions, positions or roles that events can be escalated to can be configured based on the reporting entity's incident response policy.
So that event owners can properly diagnose and investigate incidents and determine their root cause, the Health Check platform also provides a standard list of potential parties that could have first identified the event.
Since many industries fall within the scope of various compliance legislation, the Health Check comes with the ability to modify the list of industries that appear in the main assessment workflow.
The Health Check contains over 25 different industry sectors (primarily financial services, gaming and wagering, bullion dealers and gatekeepers), whereas the Anti-Bribery and Data Risk Management Health Checks contain over 40 industry sectors.
Policy Group Owner
The Policy Group Owner field allows the Company Administrator to define the list of functional areas so that it matches the functional areas present at the reporting entity.
The priority dropdown in the Health Check allows independent reviewers or the client to assess the priority of addressing identified compliance gaps.
For example, if a reporting entity's Program indicated that it trains all new joiners within 2 weeks of them joining the organisation, but the Health Check noted that this did not occur until after 4 weeks, then this would be noted as a gap but is relatively low priority. If, however, the Health Check found that suspicious terrorist activity was being reported 2 weeks after the mandatory reporting deadline, then this should be considered a high priority.
The risk rating dropdown features in the main assessment and is designed to assess the risk of non-compliance with certain obligations, on the basis that some obligations are likely to be significantly more exposed to regulatory action than others.