Index
Overview
The Requests component within the Audit Center module of the Risk & Compliance Suite is designed to streamline and manage the process of requesting and providing information, evidence, or actions related to audits and compliance activities. This component helps ensure that all necessary inputs are gathered efficiently from the correct stakeholders, tracked systematically, and available for audit and review processes.
Effective request management is crucial for conducting thorough audits, gathering evidence for compliance, and ensuring timely responses from various teams within an organization. This guide details how to use the Requests component to manage this lifecycle.
Key Features
Request Creation
Request Templates - Utilize predefined templates for common types of requests (e.g., evidence for a specific control, policy document, system configuration details).
Custom Requests - Create ad-hoc requests with specific details and requirements.
Clear Descriptions - Define precisely what information, document, or action is being requested.
Link to Audits/Controls - Associate requests directly with specific audits, controls, findings, or risks.
Assignment and Workflow
Assign to Individuals/Teams - Direct requests to the appropriate person or group responsible for providing the information or performing the action.
Set Due Dates - Establish deadlines for responses to ensure timely completion.
Status Tracking - Monitor the status of each request (e.g., Open, In Progress, Submitted, Approved, Rejected, Closed).
Notifications and Reminders - Automatically notify assignees of new requests and send reminders for approaching deadlines.
Response Management
Secure Submissions - Allow assignees to respond directly within the system, attaching documents or providing textual information.
Evidence Attachment - Facilitate the upload and linking of supporting evidence.
Version Control (for documents) - If integrated, manage versions of submitted documents.
Clarification Threads - Enable communication between the requester and assignee to clarify request details.
Review and Approval
Review Workflow - Define a process for reviewing submitted responses to ensure they meet the request's requirements.
Approve/Reject Responses - Allow reviewers to accept or reject submissions, providing feedback if necessary.
Re-assignment/Re-opening - If a response is inadequate, re-open the request or re-assign it for further action.
Reporting and Audit Trail
Request Log - Maintain a comprehensive log of all requests, their statuses, assignees, and due dates.
Audit Trail - Track all actions taken on a request, including creation, assignment, submission, and review.
Performance Metrics - Generate reports on request turnaround times, overdue requests, and assignee responsiveness.
Getting Started
To begin using the Requests component:
Access Requests: Navigate to the Audit Center, then select the Requests component. Requests can often be initiated directly from an audit, control, or finding record.
Create a New Request:
Click "New Request".
Select a template or create a custom request.
Provide a clear title and a detailed description of what is needed.
Link the request to the relevant audit, control, or other item if applicable.
Assign the Request: Assign the request to the individual or team best equipped to fulfill it.
Set a Due Date: Specify when the response is needed.
Monitor Progress: Track the status of the request. Assignees will be notified and can update the status as they work on it.
Review Submissions: Once a response is submitted, the requester or a designated reviewer should examine it for completeness and accuracy.
Approve or Reject: If the response is satisfactory, approve it and close the request. If not, reject it with feedback and potentially re-open or re-assign it.
Best Practices
Creating Requests
Be Specific and Clear - Ensure the assignee understands exactly what is needed.
Provide Context - Explain why the information or action is required.
Set Realistic Deadlines - Give assignees adequate time to respond thoughtfully.
Assign to the Right Person/Team - Avoid unnecessary re-assignments.
Use Templates for Consistency - Standardize common requests.
Fulfilling Requests
Respond Promptly - Acknowledge receipt and address requests in a timely manner.
Be Thorough and Accurate - Provide complete and correct information.
Attach Supporting Evidence - Ensure all necessary documentation is included.
Ask for Clarification - If a request is unclear, seek more details before proceeding.
Communicate Delays - If unable to meet a deadline, inform the requester proactively.
Reviewing Responses
Review Promptly - Don't let submitted responses linger without review.
Be Objective - Evaluate responses based on the original request requirements.
Provide Constructive Feedback - If rejecting a response, clearly explain why.
Maintain an Audit Trail - Ensure all decisions and communications are logged.
Troubleshooting
Common Issues
Vague or Ambiguous Requests: Assignees are unsure what is being asked.
Incorrect Assignments: Requests are sent to the wrong people or teams.
Missed Deadlines/Slow Responses: Requests are not fulfilled in a timely manner.
Incomplete or Inaccurate Responses: Submissions do not meet the request's needs.
Lack of Follow-up: Overdue requests or rejected responses are not pursued.
Getting Support
If you encounter issues with the Requests component:
Refer to the in-app help documentation for feature-specific guidance.
Consult your organization's internal procedures for information gathering and communication.
Contact your system administrator or the AskInfosec support team for technical assistance.
Conclusion
The Requests component streamlines the critical process of information and evidence gathering for audits and compliance. By providing a structured way to create, assign, track, and review requests, it helps ensure that auditors and compliance managers get what they need, when they need it, from the right people. This contributes to more efficient audits, better-supported findings, and a stronger overall governance process.
Last updated