The IT GRC Process Pack provides two different mechanisms for reporting your IT GRC management program information. A predefined and customized Microsoft Online Analytical Processing (OLAP) compliance data cube that connects to the data warehouse to retrieve data so that you can manipulate it by using Microsoft Excel® in a tabular fashion. More information can be found in the Using Advanced Analyticstopic from Microsoft TechNet.
Several predefined IT GRC control and risk management reports are also provided to help you manage IT GRC controls and risks in your organization. One set of reports is specifically designed for control management, one set for program management, and another set for risk management.
These reports provide IT GRC status at a program level, control objective level, control activity level, and risk level. The reports also include hyperlinks to subordinate reports that provide information about the configuration information for individual programs, control objectives, control activities, and risks.
You can run IT GRC management reports in the Reporting pane in the System Center Service Manager console. The IT GRC management reports are generated by the SQL Reporting Services, which is installed on the System Center Service Manager Data Warehouse Server.
The parameters for running each report can be configured through the Parameter Control Header section of each report. For example, you can filter report results by a specific IT GRC program in the “Parameter Control Header” section of the Control Management Progress Report.
For more information about troubleshooting running reports, see the following sections in the System Center Service Manager Deployment Guide, which is installed as a part of the System Center Service Manager download:
- “Install a Service Manager data warehouse and
data warehouse database”
- “Troubleshoot data warehouse jobs”
Predefined IT GRC Program Management Reports
The following table lists the IT GRC program management reports that are included in the Process Pack for IT GRC and a brief description of each report. The IT GRC control management reports are located in the Reporting/Compliance Reports Library folder.
Report |
Description |
Program Health Dashboard Report |
Added in Service Pack 1, this report provides comprehensive information about the health and status of one or more of your IT GRC programs. This report can be filtered by:
|
Program Incidents List Report |
Added in Service Pack 1, this report lists all compliance incidents related to any control objective, control activity, or risk managed in your IT GRC program. This report can be filtered by:
|
Program Detail Report |
Added in Service Pack 1, this report provides comprehensive information about all attributes of a single IT GRC program and can be filtered by:
|
Program Non-Compliance Report |
Added in Service Pack 1, this report is similar to the Program Detail Report but only displays items that are negatively affecting the health of the program. This report can be filtered by:
|
Program List Report |
This report lists the existing IT GRC programs and can be filtered by:
|
Program Readiness Review Status Report |
This report lists the readiness status of an IT GRC program and can be filtered by:
|
Program Scope Report |
This report lists the scope of an IT GRC program and can be filtered by:
|
Predefined IT GRC Control Management Reports
The following table lists the IT GRC control management reports that are included in the Process Pack for IT GRC and a brief description of each report. The IT GRC control management reports are located in the Reporting/Compliance Reports Library/Control Management folder.
Report |
Description |
Control Activity Score Report |
Added in Service Pack 1, this is the primary report used to view the program’s control activities and their compliance scores. This report can be filtered by:
|
Control Activity Details Report |
This report provides a comprehensive view of a single control activity and can be filtered by:
|
Control Activity List Report |
This report lists control activities in the system and can be filtered by:
|
Control Objective Health Report |
Added in Service Pack 1, this is the primary report used to view the health of your control objectives. This report can be filtered by:
|
Control Management Change Report |
This report displays the changes in control objectives between two points in time as specified in the Start Date and the End Date report parameters. This report allows you to click hyperlinks so that you can see additional details about control objects and control activities in the report. |
Control Objective Details Report |
This report provides a comprehensive view of a single control objective and can be filtered by:
|
Control Objective List Report |
This report lists control objectives in the system and can be filtered by:
|
Control Objective Progress Report |
This report lists the progress of control objectives between two points in time as specified in the Start Date and the End Date report parameters. This report allows you to click hyperlinks so that you can see further details about control objects and control activities in the report. |
Managed Entity Result List Report |
This report lists the configuration items that are included in the scope of your IT GRC program and that are used to calculate a score for their associated control activity. This report can be filtered by:
|
Predefined IT GRC Risk Management Reports
The following table lists the IT GRC risk management reports that are included in the Process Pack for IT GRC and a brief description of each report. The IT GRC risk management reports are located in the Reporting/GRC Reports Library/Risk Management folder.
Report |
Description |
Program Risks Report |
Added in Service Pack 1, this report lists all risks associated with the program or any control objective or control activity managed in your IT GRC program. This report can be filtered by:
|
Inherent Risk Map |
This report displays a scatter chart of the risks based on their likelihood to occur (on the x axis) and their impact if they occur (on the y axis). The report is divided into four quadrants which represent the risk classification and helps identify the top risks. |
Residual Risk Map |
This report displays a scatter chart of the risks based on the level of control over the risk (on the x axis) and their impact if they occur (on the y axis).The report is divided into four quadrants which represent the risk classification and helps identify the top risks. |
Risk Details |
This report lists the configuration details of a single risk and is linked from other reports. |
Risk List by Rank Report |
This report lists risks in the system grouped by Risk Rank and can be filtered by:
|
Risk List Report |
This report lists risks in the system and can be filtered by:
|