Remediating and retesting issues
Record a remediation plan and document retesting results to determine whether or not the issue has truly been remediated.
Before you start
Before you can record a remediation plan and document retesting results, you must record an issue.
How it works
Auditors often work with management to ensure that responses to issues are appropriately stated and address root causes.
By assigning issues to the appropriate owner, issue owners can use the Follow-up & Remediation tab to enter their own management responses or action plans, state who is responsible, what they will do, and the time frame for completion.
Auditors can then follow-up with management, retest issues and record any subsequent findings on the Retest Information subtab, including whether or not the issue has truly been remediated, and report back to the audit committee on the status of remediation activities.
Example
Recording a management response or action plan
The following example shows a remediation plan that a Director of IT has drafted in response to an issue:
- Issue Title Disaster recovery protocols not coordinated
- Description There is no coordinated ITDR documentation for effective response to major incidents, such as large scale damage to the infrastructure hosted within the server room (known internally as G1). We would typically expect a recovery sequence to be in place defining a logical technical recovery order of IT systems in priority order taking account of dependencies with other systems. This may include interfaces to other applications and IT infrastructure services such as active directory.
Remediation plan
- Overall Status Open
- Remediation Status Management Remediating
- Remediation Plan A resource will be identified and will be primarily responsible for reviewing the current ITDR plan to ensure that all components required in a ITDR plan is covered and in line with suggested industry best practices. The plan itself will be reviewed twice a year.
- Remediation Deadline 01/04/2019
- Actual Remediation Date 12/20/2018
Action
- Action Title Coordinate a meeting with IT Manager to revise current ITDR plan.
- Owner John Smith
- Due Date Dec 3, 2018
- Status Remediated - Awaiting Verification
Permissions
Professional Managers, Professional Users have write access to the Follow-up & Remediation and Retest Information subtabs.
Oversight Reviewers have read-only access to the Follow-up & Remediation and Retest Information subtabs.
Oversight Executives, Contributor Managers, and Contributor Users can only update the Remediation Plan, Remediation Deadline, and Actual Remediation Date fields on the Follow-up & Remediation subtab.
Contributor Testers have write access to issues they create. For issues assigned to them, Contributor Testers can only update the Remediation Plan, Remediation Deadline, and Actual Remediation Date fields on the Follow-up & Remediation subtab.
Navigate to the issues area
Note
- Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
- If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.
Do one of the following:
- Work with issues from a specific project
-
From the Launchpad home page (www.highbond.com), select the Projects app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Projects app.
- Navigate to a project.
- Click the Issues tab.
-
- Work with issues from all projects Open the Issue Tracker app.
Locate an issue in the Issues List
- Do any of the following:
- Enter the title, or partial title, of the issue(s) in the search box.
Issues that do not match your search are filtered out as you type.
- Use any of the filters to restrict the issues that display on the page.
Click Clear to remove any of the applied filters.
- Click on any column header to sort the issue list by that column in ascending or descending order.
- Click the project name to view all issues associated with the project.
Note
This option is only available in Issue Tracker.
- Enter the title, or partial title, of the issue(s) in the search box.
- From the Issues tab, click the issue name or from Issue Tracker, click Details beside the appropriate issue.
Result The Issue Details page opens.
- Click the Follow-up & Remediation subtab.
Update remediation details
Update the following fields:
Rich text fields cannot exceed 524,288 characters.
Tip
To enable spell check on rich text fields, do one of the following:
- Chrome, Firefox, or Safari CTRL + right-click within the field on Windows or Command + right-click on Mac
- Internet Explorer or Microsoft Edge open your browser settings and turn on spell check / highlighting of misspelled words
Field | Description |
---|---|
Overall Status | identifies whether the issue is in an open or closed state |
Remediation Status optional |
identifies the remediation status of the issue For example, the issue could be remediated and awaiting verification. |
Remediation Plan optional |
provides a description of the remediation plan in detail |
Remediation Deadline optional |
specifies a deadline for the issue to be remediated by |
Actual Remediation Date optional |
specifies the date the issue was actually remediated |