The IT GRC Process Management Pack includes predefined IT GRC control and risk management reports that can help you manage IT GRC controls and risks in your organization. One set of reports is specifically designed for control management, one set for program management, and another set for risk management.

These reports provide IT GRC status at a program level, control objective level, control activity level, and risk level. The reports also include hyperlinks to subordinate reports that provide information about the configuration information for individual programs, control objectives, control activities, and risks.

You can run IT GRC management reports in the Reporting pane in the System Center Service Manager console. The IT GRC management reports are generated by the SQL Reporting Services, which is installed on the System Center Service Manager Data Warehouse Server.

The parameters for running each report can be configured through the Parameter Control Header section of each report. For example, you can specify to filter report results by a specific IT GRC program in the “Parameter Control Header” section of the Control Management Progress Report.

Use the information in the following three tables along with the instructions “To Run an IT GRC Management Report” to view information about your program, controls, and risks.

View the control activities in your program.

Information needed

Value

<report_category>

Control Management

<report_name>

Control Activity List Report

<report_parameter>

Program = “Credit Card Processing Compliance Program”

Tip
You can click on the hyperlinked Control Activity ID in the first column of the report to see details of a specific control activity using the subordinate Control Activity Detail report.

View the control objective for the automated control activity “Configure Password Attributes.”

Information needed

Value

<report_category>

Control Management

<report_name>

Control Objective Details Report

<report_parameter>

Control Objective Name = “Password Attributes”

View the complete list of risks in your IT GRC management system.

Information needed

Value

<report_category>

Risk Management

<report_name>

Risk List

To run an IT GRC management report

  1. Click Start, click All Programs, click Microsoft System Center, click Service Manager 2010, and then click Service Manager Console.

    The System Center Service Manager Console starts.

  2. In the Service Manager Console, in the Navigation pane, click Reporting.

  3. In the Reporting pane, go to the Reports/GRC Reports Library/<report_category> location (where report_category is the report category, which is either Control Management or Risk Management).

  4. In the Results pane, click <report_name> (where report_name is the name of the report you want to run).

  5. In the Tasks pane, click Run Report.

    The report you selected is displayed in a new window.

  6. In the “Parameter Control Header” section of the report, select <report_parameters>, (where report_parameters are the report parameters that you want to specify for the report, for example the specific IT GRC program for a report).

  7. In the Tasks pane, click Run Report.

    The report is refreshed and reflects the changes made in the report parameters.

  8. Close all open windows and dialog boxes.

For more information about troubleshooting running reports, see the following sections in the System Center Service Manager Deployment Guide, which is installed as a part of the System Center Service Manager download:

  • “Install a Service Manager data warehouse and data warehouse database”

  • “Troubleshoot data warehouse jobs”

The following table lists the IT GRC program management reports that are included in the IT GRC Process Management Pack and a brief description of each report. The IT GRC control management reports are located in the Reporting/Compliance Reports Library folder.

Report

Description

Program List Report

This report lists the existing IT GRC programs and can be filtered by:

  • Program

  • Owner

  • Status

  • Start date

  • End date

  • Time Zone

Program Readiness Review Status Report

This report lists the readiness status of an IT GRC program and can be filtered by:

  • Start date

  • End date

  • Program

  • Owned by

  • Assigned to

  • Authority document category

  • Authority document

  • Status

  • Category

  • Type

  • Level

  • Priority

  • Review Stage

Program Scope Report

This report lists the scope of an IT GRC program and can be filtered by:

  • Program ID

  • Start date

  • End date

  • Time Zone

The following table lists the IT GRC control management reports that are included in the IT GRC Process Management Pack and a brief description of each report. The IT GRC control management reports are located in the Reporting/Compliance Reports Library/Control Management folder.

Report

Description

Control Activity Details Report

This report displays the details of a single control activity.

Control Activity List Report

This report lists control activities in the system and can be filtered by:

  • Program

  • Authority document category

  • Authority document title

  • Start date

  • End date

  • Owned by

  • Status

  • Assigned to

Control Management Change Report

This report displays the changes in control objectives between two points in time as specified in the Start Date and the End Date report parameters. This report allows you to click hyperlinks so that you can see further details about control objects and control actives in the report.

Control Objective Details Report

This report lists the configuration details of a single control objective and is linked from other reports.

Control Objective List Report

This report lists control objectives in the system and can be filtered by:

  • Program

  • Authority document category

  • Authority document title

  • Start date

  • End date

  • Owned by

  • Status

  • Assigned to

Control Objective Progress Report

This report lists the progress of control objectives between two points in time as specified in the Start Date and the End Date report parameters. This report allows you to click hyperlinks so that you can see further details about control objects and control activities in the report.

Managed Entity Result List Report

This report lists the entities that are included as a part of an IT GRC program and can be filtered by:

  • Program

  • Control activity

  • Result start date

  • Result end date

  • Result

The following table lists the IT GRC risk management reports that are included in the IT GRC Process Management Pack and a brief description of each report. The IT GRC risk management reports are located in the Reporting/GRC Reports Library/Risk Management folder.

Report

Description

Inherent Risk Map

This report displays a scatter chart of the risks based on their likelihood to occur (on the x axis) and their impact if they occur (on the y axis). The report is divided into four quadrants which represent the risk classification and helps identify the top risks.

Residual Risk Map

This report displays a scatter chart of the risks based on the level of control over the risk (on the x axis) and their impact if they occur (on the y axis).The report is divided into four quadrants which represent the risk classification and helps identify the top risks.

Risk Details

This report lists the configuration details of a single risk and is linked from other reports.

Risk List by Rank Report

This report lists risks in the system grouped by Risk Rank and can be filtered by:

  • Program

  • Authority document category

  • Authority document title

  • Start date

  • End date

  • Owned by

  • Status

  • Assigned to

  • Due Date

  • Impact

  • Likelihood

  • Control Level

Risk List Report

This report lists risks in the system and can be filtered by:

  • Program

  • Authority document category

  • Authority document title

  • Start date

  • End date

  • Owner

  • Rank

  • Due Date

  • Status

  • Assigned to

  • Impact

  • Likelihood

  • Control Level

[an error occurred while processing this directive]