Remediating and retesting issues

Record a remediation plan and document retesting results to determine whether or not the issue has truly been remediated.

Before you start

Before you can record a remediation plan and document retesting results, you must record an issue.

How it works

Auditors often work with management to ensure that responses to issues are appropriately stated and address root causes.

By assigning issues to the appropriate owner, issue owners can use the Follow-up & Remediation tab to enter their own management responses or action plans, state who is responsible, what they will do, and the time frame for completion.

Auditors can then follow-up with management, retest issues and record any subsequent findings on the Retest Information subtab, including whether or not the issue has truly been remediated, and report back to the audit committee on the status of remediation activities.

Example

Recording a management response or action plan

The following example shows a remediation plan that a Director of IT has drafted in response to an issue:

  • Issue Title Disaster recovery protocols not coordinated
  • Description There is no coordinated ITDR documentation for effective response to major incidents, such as large scale damage to the infrastructure hosted within the server room (known internally as G1). We would typically expect a recovery sequence to be in place defining a logical technical recovery order of IT systems in priority order taking account of dependencies with other systems. This may include interfaces to other applications and IT infrastructure services such as active directory.

Remediation plan

  • Overall Status Open
  • Remediation Status Management Remediating
  • Remediation Plan A resource will be identified and will be primarily responsible for reviewing the current ITDR plan to ensure that all components required in a ITDR plan is covered and in line with suggested industry best practices. The plan itself will be reviewed twice a year.
  • Remediation Deadline 01/04/2019
  • Actual Remediation Date 12/20/2018

Action

  • Action Title Coordinate a meeting with IT Manager to revise current ITDR plan.
  • Owner John Smith
  • Due Date Dec 3, 2018
  • Status Remediated - Awaiting Verification

Permissions

Professional Managers, Professional Users have write access to the Follow-up & Remediation and Retest Information subtabs.

Oversight Reviewers have read-only access to the Follow-up & Remediation and Retest Information subtabs.

Oversight Executives, Contributor Managers, and Contributor Users can only update the Remediation Plan, Remediation Deadline, and Actual Remediation Date fields on the Follow-up & Remediation subtab.

Contributor Testers have write access to issues they create. For issues assigned to them, Contributor Testers can only update the Remediation Plan, Remediation Deadline, and Actual Remediation Date fields on the Follow-up & Remediation subtab.

Navigate to the issues area

Note

  • Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
  • If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.

Do one of the following:

  • Work with issues from a specific project
    1. From the Launchpad home page (www.highbond.com), select the Projects app to open it.

      If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Projects app.

    2. Navigate to a project.
    3. Click the Issues tab.
  • Work with issues from all projects Open the Issue Tracker app.

Locate an issue in the Issues List

  1. Do any of the following:
    • Enter the title, or partial title, of the issue(s) in the search box.

      Issues that do not match your search are filtered out as you type.

    • Use any of the filters to restrict the issues that display on the page.

      Click Clear to remove any of the applied filters.

    • Click on any column header to sort the issue list by that column in ascending or descending order.
    • Click the project name to view all issues associated with the project.
      Note

      This option is only available in Issue Tracker.

  2. From the Issues tab, click the issue name or from Issue Tracker, click Details beside the appropriate issue.

    Result The Issue Details page opens.

  3. Click the Follow-up & Remediation subtab.

Update remediation details

Update the following fields:

Note

Rich text fields cannot exceed 524,288 characters.

Tip

To enable spell check on rich text fields, do one of the following:

  • Chrome, Firefox, or Safari CTRL + right-click within the field on Windows or Command + right-click on Mac
  • Internet Explorer or Microsoft Edge open your browser settings and turn on spell check / highlighting of misspelled words
Field Description
Overall Status identifies whether the issue is in an open or closed state

Remediation Status

optional

identifies the remediation status of the issue

For example, the issue could be remediated and awaiting verification.

Remediation Plan

optional

provides a description of the remediation plan in detail

Remediation Deadline

optional

specifies a deadline for the issue to be remediated by

Actual Remediation Date

optional

specifies the date the issue was actually remediated

Record retesting information

  1. Click the Retest Information subtab.

    The Retest Information tab allows you to retest an issue and record any subsequent findings, including whether or not the issue has truly been remediated.

  2. Update the following fields:
    FieldDescription

    Retest Deadline Date

    optional

    specifies a deadline for the issue to be retested by

    Actual Retest Date

    optional

    specifies the actual date when the issue was retested

    Retesting Results Overview

    optional

    a description about the retesting results

  3. Optional. Under Attached Retesting Documentation, upload any necessary files.

    For more information, see Working with attachments.

    Note

    For security reasons, Diligent One does not accept file attachments with the following extensions: .bat, .com, .dmg, .exe, or .scr.