Tracking assurance using frameworks

View aggregated assurance scores and associated testing results across multiple projects associated with a framework.

Before you start

Before you can track assurance, you must:

  1. Define risks and controls in a framework.
  2. Import risks and controls to a project.
  3. Enable assurance in the project and framework.

To view aggregated information, you must:

  1. Execute procedures or perform walkthroughs and tests in the project.
  2. Identify issues in the project.

How it works

Assurance is a calculation-based process in the Projects and Frameworks apps, with the final result represented by a percentage. Assurance allows you to benchmark how well an organization is doing in mitigating risk so that resources can be allocated appropriately.

In a framework, you can track assurance and testing results associated with operational risks and controls in multiple projects to develop a dashboard of risk and project outcomes.

As you execute procedures, or perform walkthroughs and tests, the Projects app automatically aggregates testing results from the active projects associated with the framework, and calculates assurance in real-time.

For information on how assurance is calculated, see Calculating assurance for risk.

Example

Tracking assurance across multiple projects

Scenario

Previously, you created a Third Party Risk Management framework, which serves as your repository for the controls you use in multiple projects.

Your team of auditors have been busy testing the design and operational effectiveness of controls in the different projects that are associated with the framework. Now, you want to track overall how well your organization is doing in mitigating risk so that resources can be allocated appropriately.

Process

You navigate to the framework in the Frameworks app and click the Assurance tab.

Result

You are able to view the assurance scores associated with each process, the overall assurance score across all projects associated with the framework, and aggregated testing results.

Permissions

Project Creators, Professional Managers, Professional Users, Oversight Executives, and Oversight Reviewers can track assurance, testing results, and issues across multiple projects associated with a framework.

Track assurance

Track assurance across multiple projects associated with a framework.

Note

  • Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
  • If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.
  1. Open the Frameworks app. The Frameworks home page opens.
  2. Open a framework. The framework dashboard opens.
  3. Click the Assurance tab.
  4. Do any of the following:
    • To view aggregated assurance calculations per objective, see the Assurance column in the table.
    • To view the objective details in the framework, click View next to the appropriate objective.
    • To view the aggregated assurance calculation across all projects associated with the framework, see the Overall Assurance score. For more information on how assurance is calculated, see Calculating assurance for risk.

Track testing results

Track the results of executed procedures (Workplan workflow) or walkthroughs and tests (Internal Control workflow) as well as inherent and residual risk scores.

Note

  • Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
  • If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.

Track testing results associated with a single framework control

  1. Open the Frameworks app.

    The Frameworks home page opens.

  2. Open a framework.

    The framework dashboard opens.

  3. Click the Sections tab.
  4. Next to the appropriate process, click Go To and select Risk Control Matrix.
  5. Next to View by:, click Control.
  6. Click the control title.
  7. Scroll down the page to the Active projects using this Control section.

    The following information displays:

    • the projects currently using the framework control
    • the aggregate number of passing, failing, and untested controls across all projects associated with the framework
    • the detailed breakdown of passing, failing, and untested controls per project associated with the framework
    • icons indicating if the control assessment is being automated by an assessment driver

      For more information, see Automating control assessments.

  8. Optional. Sync the risk between the framework and the project. For more information, see Syncing projects with Frameworks.

Track inherent and residual risk scores associated with a single framework risk

  1. Open the Frameworks app.

    The Frameworks home page opens.

  2. Open a framework.

    The framework dashboard opens.

  3. Click the Sections tab.
  4. Next to the appropriate process, click Go To and select Risk Control Matrix.
  5. Next to View by:, click Risk.
  6. Click the risk title.
  7. Scroll down the page to the Active projects using this Risk section.

    The following information displays:

    • the projects currently using the framework risk
    • the assessment value for each risk scoring factor, and icons indicating if the risk assessment is being automated by an assessment driver

      For more information, see Automating operational risk assessments.

    • the inherent and residual risk score for the risk per project associated with the framework
  8. Optional. Sync the risk between the framework and the project. For more information, see Syncing projects with Frameworks.

Track testing results across multiple projects associated with a framework

  1. Open the Frameworks app.

    The Frameworks home page opens.

  2. Open a framework.

    The framework dashboard opens.

  3. Click the Assurance tab.
  4. View the following information:
    InformationDescriptionRemarks
    ResultsDisplays the aggregated testing results across all objectives.

    Results are displayed in a stacked bar chart that includes the number of passing, failing, and untested controls.

    If you hover your mouse over a particular bar, the control count displays. The x-axis is dynamically updated for each risk based on the count of controls across all treatment areas.

    Fieldwork Displays objectives across all frameworks, grouped by project.

    You can aggregated count under Passed, Failed, or Not Tested to view the breakdown of testing.

    The following metrics are displayed for each objective:

    • assurance
    • number of passing controls
    • number of failing controls
    • number of controls not tested

Track issues

Track issues associated with a single framework control.

Note

  • Interface terms are customizable, and fields and tabs are configurable. In your instance of Diligent One, some terms, fields, and tabs may be different.
  • If a required field is left blank, you will see a warning message: This field is required. Some custom fields may have default values.
  1. Open the Frameworks app.

    The Frameworks home page opens.

  2. Open a framework.

    The framework dashboard opens.

  3. Click the Sections tab.
  4. Next to the appropriate process, click Go To and select Risk Control Matrix.
  5. Next to View by:, click Control.
  6. Click the title of the appropriate control.
  7. Scroll down the page to the Active projects using this Control section.
  8. View the aggregate number of published issues associated with the walkthrough, test plan, or testing round across all active projects associated with the framework.

    Clicking the number displays a popup that lists all associated issues. You can click on the appropriate issue title to navigate to the details page.