Overview of entity properties
Who is this article for?
Users working with entity properties.
No special access or permissions are required.
This article explains the properties available for entity controls, objectives, processes, risks, and tests, including their definition, assessment and execution fields.
Entity control properties
Entity control properties are organised into Definition, Assessment, and Execution sections.
Definition
| Property | Description |
|---|---|
| Ref | Reference number for the control. |
| Title | Title for the control. |
| Description | Description for the control (rich text format). |
| Principles | Pair of segmentations called Principles and Components. |
| Components | List of components is a calculated field which is set to the distinct list of items covered by the selected principles. |
| Category | Assign to a specific category to group. Pick list is editable in Segmentations. |
| Type | Assign to a specific type to group. Pick list is editable in Segmentations. |
| Accounts | Financial accounts relevant to this risk. By default this list is drawn from accounts already linked to the risk's parent process. |
| Assertions | Claims to be tested in relation to this risk in the course of an audit. Pick list is editable in Segmentations. |
| Importance | Assign a specific importance to group. Pick list is editable in Segmentations. |
| Frequency | Assign a specific frequency to group. Pick list is editable in Segmentations. |
| Business Owner | Relevant contact in the organisation, usually the person responsible for the control. |
| Business Reviewer | Behaves similarly to the Business Owner and can be used to specify which individual is responsible for reviewing that record. The field populates from Contacts by default and will cascade from parent to child objects (hidden by default). |
| Locked | Tick if you wish to prevent the definition from being modified within an audit. |
| Audit Types | Functionality for the auto population of ORCTs into an audit. |
| Active State | Set current status as Draft, Live, or Closed. |
| Due Date | Date when external assessment is due. Removed if the current external assessment is cleared. Editable even if the record is locked |
| Notified Date | Date when Owner was notified of item. Removed if the current external assessment is cleared. Editable even if the record is locked. |
| Respond By Date | Date by when there should be an external assessment. Removed if the current external assessment is cleared. Editable even if the record is locked. |
Assessment
| Property | Description |
|---|---|
| Score | Result of the assessment, presented as a score. |
Execution
| Property | Description |
|---|---|
| Comments | Comments on the control (rich text format). |
| Review State | Shows whether the control has been reviewed. |
| Cross References | Analogous to a hyperlink where you are able to create a link to a record within the system that is of related interest. |
Note
Linked controls can also be added in the Library.
Creating multiple assessments
You can create as many assessments as required to either a risk or control. When a new assessment is made the assessment history will be saved and available for future reference.
Entity objective properties
Entity objective properties are organised into Definition and Execution sections.
Definition
| Property | Description |
|---|---|
| Entity Process | Area where the unit of work (objective) is located (i.e. cell of the universe matrix). |
| Sub-Process | Link to the sub-processes segmentation which is dependent on process. |
| Ref | Reference number for the objective. |
| Title | Title for the objective. |
| Description | Description for the objective (rich text format). |
| Category | Assign to a specific category for grouping. Pick list is editable in Segmentations. |
| Business Owner | Relevant contact in the organisation, usually the person responsible for the objective. |
| Business Reviewer | Behaves similarly to the Business Owner and can be used to specify which individual is responsible for reviewing that record. The field populates from Contacts by default and will cascade from parent to child objects (hidden by default). |
| Default | Functionality for the auto population of ORCTs into an audit. |
| Locked | Tick if you wish to prevent the definition from being modified within an entity. |
| Audit Types | Functionality for the auto population of ORCTs into an audit. |
| Post Audit | Work carried out on the objective post-audit. |
| Active State | Set current status as Draft, Live, or Closed. |
Execution
| Property | Description |
|---|---|
| Comments | Comments on the objective work (rich text format). |
| Review State | Shows whether the objective has been reviewed (Not Reviewed, Reviewed, or Changed). |
| Cross References | Analogous to a hyperlink where you are able to create a link to a record within the system that is of related interest. |
Entity process properties
Entity process properties are organised into Definition, Certification, and Execution sections.
Definition
| Property | Description |
|---|---|
| Name | Entity process names cannot be changed since they are derived from the process and entity that combine to form the entity process. |
| Accounts | Financial accounts relevant to this Risk. By default this list is drawn from Accounts already linked to the Risk's parent Process. In the event of significant changes to Accounts mapped to Processes in the Library you can use the Refresh Process feature to pull this information into the corresponding Entity Processes. |
| Owner | Staff member in the organisation. |
| Business Owner | Relevant contact in the organisation, usually the person responsible for the process. |
| Budget Effort | Budgeted number of days or hours of effort spent on the audit. |
| Audit Frequency | Used as part of the audit scheduling calculation (Scheduling Reference Date + Audit Frequency = Suggested Planned Audit Date). |
Certification
This section is only valid on audits with Certifications enabled.
| Property | Description |
|---|---|
| Certification State | Confirm if the process has been certified. |
| Certified By | Person who provided the certification. |
| Certified Time | Time the certification was provided. |
| Certification Comments | Comments left by the certifier. |
Execution
| Property | Description |
|---|---|
| Comments | Comments on the process (rich text format). |
| Cross Refernces | Analogous to a hyperlink where you are able to create a link to a record within the system that is of related interest. |
Entity risk properties
Entity risk properties are organised into Definition, Assessment, and Execution sections.
Definition
| Property | Description |
|---|---|
| Objective | Parent objective. |
| Ref | Reference number for the risk. |
| Title | Title for the risk. |
| Description | Description for the risk (rich text format). |
| Category | Assign the risk to a specific category to group the risks. Pick list is editable in Segmentations. |
| Type | Assign the risk to a specific type to group the risks. Pick list is editable in Segmentations. |
| Accounts | Financial accounts relevant to this risk. By default this list is drawn from accounts already linked to the risk's parent process. |
| Assertions | Claims to be tested in relation to this risk in the course of an audit. Pick list is editable in Segmentations. |
| Business Owner | Relevant contact in the organisation, usually the person responsible for the risk. |
| Business Reviewer | Behaves similarly to the Business Owner and can be used to specify which individual is responsible for reviewing that record. The field populates from Contacts by default and will cascade from parent to child objects (hidden by default). |
| Locked | Tick if you wish to prevent the definition from being modified within an entity. |
| Audit Types | Functionality for the auto population of ORCTs into an audit. |
| Active State | Set current status as Draft, Live, or Closed. |
| Due Date | Date when external assessment is due. Removed if the current external assessment is cleared. Editable even if the record is locked |
| Notified Date | Date when Owner was notified of item. Removed if the current external assessment is cleared. Editable even if the record is locked. |
| Respond By Date | Date by when there should be an external assessment. Removed if the current external assessment is cleared. Editable even if the record is locked. |
Assessment
| Property | Description |
|---|---|
| Inherent Score | Result of the assessment, presented as an inherent score. |
| Residual Score | Result of the assessment, presented as a residual score. |
Execution
| Property | Description |
|---|---|
| Comments | Comments on the risk (rich text format). |
| Review State | Shows whether the risk has been reviewed. |
| Cross References | Analogous to a hyperlink where you are able to create a link to a record within the system that is of related interest. |
Creating multiple assessments
You can create as many assessments as required to either a risk or control. When a new assessment is made the assessment history will be saved and available for future reference.
Entity test properties
Entity Test properties are organised into Definition and Execution sections.
Definition
| Property | Description |
|---|---|
| Ref | Reference number for the test. |
| Title | Title for the test. |
| Description | Description for the test (rich text format). |
| Type | Assign the test to a specific type to group the tests. Pick list is editable in segmentations. |
| Business Owner | Relevant contact in the organisation, usually the person responsible for the test. |
| Business Reviewer | Behaves similarly to the Business Owner and can be used to specify which individual is responsible for reviewing that record. The field populates from Contacts by default and will cascade from parent to child objects (hidden by default). |
| Result Set | Set the possible outcomes of the test. These outcomes can be modified through the Admin module. |
| Sample | List of what samples the test is linked to. |
| Automatic | Whether or not the test result is automatically calculated from the sample. |
| Locked | Tick if you wish to prevent the definition from being modified within an entity. |
| Audit Types | Functionality for the auto population of ORCTs into an audit. |
| Active State | Set current status as Draft, Live, or Closed. |
Execution
| Property | Description |
|---|---|
| Result | Result of the test carried out. The selectable results in this field are set by the selected Result Set (type of normal, alert, or problem). |
| Result Description | Additional result details (rich text format). |
| Review State | Shows whether the test has been reviewed. |
| Cross References | Analogous to a hyperlink where you are able to create a link to a record within the system that is of related interest. |