Configuring entity actions
Who is this article for?
Administrators who need to configure entity actions.
Administrator access is required.
Entity actions are one of three distinct action types within the system, created independently of an audit and added to entity ORCTs, incidents, or key issues.
Action types
The system has three action types:
- Universe level - incidents and key issues
- Entity level - actions created independently of audits, linked to entity ORCTs, incidents, or key issues
- Audit level - audit findings that lead to audit actions
All actions are managed centrally in the Action Tracker module and follow standard update cycles.
Audit level actions arise from findings, are assigned during the audit, executed post-audit, and must be approved before closing the audit.
Action parents
Client action parents
The client action parent must be one of the following:
- Incident
- Key issues
Entity action parents
The entity action parent must be one of the following:
- Entity objective
- Entity risk
- Entity control
- Entity test
Configuring action types
Definition tab
The Definition tab contains the following fields:
- Entity/Process: the area where the action is located (cell of the universe matrix)
- Ref: the action reference number
- Title: the action title
- Description: description of the action carried out (rich text format)
- Category: action category, editable in Segmentations
- Priority: high, medium, or low priority (pick list editable in Segmentations)
- Department: department to which this action is assigned
- Owner: person responsible for completing the action
- Interested parties: secondary owners who will track the action but are not involved in it
- Current due date: current due date, editable after creation
- Original due date: original due date, editable after creation
- Effective From date: agreed date from which the action will be effective
- Outcome: whether the action appears in reports (Segmentations)
- Type: whether the action is ultimately tracked (dictates appearance in track action screens)
- Cross References: links to related records within the system (analogous to hyperlinks)
Execution tab
The Execution tab contains the following fields:
- Implementation date: date the action was implemented
- Resolution: state of the resolution (completed/uncompleted in Segmentations)
- Resolution comments: additional comments about the resolution (rich text format)
- Sign off state: whether the action is open/completed/approved (editable only after the action has been added)
- Review state: whether the action has been reviewed
- Completion By: read only and system generated
- Completion Time: read only and system generated
- Approval By: read only and system generated
- Approval Time: read only and system generated
When an entity action is added, its Ref defaults to the same as its parent.
Setting entity/process values
The Action Entity Process is a mandatory field (so it can be tracked) and is set as follows:
- When an action is added to an entity ORCT, it defaults to the same entity process as its parent
- When an action is added to anything else, the entity process is left blank and allows you to select its value. With existing audit actions, you can set the action to any active cell of the audit universe, but the initial list is limited to those within the entity/incident scope
- An audit action entity process automatically defaults to its finding. You can subsequently change this
Configuring outcome defaults
When an entity action is added, the Outcome defaults to the outcome segmentation default value.
In contrast, an audit action uses its parent finding outcome value as its default.
Configuring action permissions
The permissions associated with defining actions relate to three levels: clients (incidents), entities (ORCTs), and audits (findings).
Once actions move to the tracking stage, they all become equal, so the permissions associated with executing actions (and performing action updates) apply to actions of all types.
The finding permissions are audit-level only. Points can be raised against actions of all types, and actions can exist outside the context of an audit.
Read permissions
There are three different read actions permissions:
- Read Client Actions
- Read Entity Actions
- Read Audit Actions
The allowed values for these are:
- None: no access to actions at all
- Owner: where the person is the owner of the action
- Interested: interested parties
- Department: where the person has the same department as the action
- Parent: where the person is authorised to read the client/entity/audit
- Universe: where the person is authorised to read the entity/process cell of the universe
- All: no restriction on actions at all