I know if I create a Compliance Analysis Finding, I can then go to the Compliance Management Dashboard, select my Third Party/Compliance Framework, select Manage > “Analyze”, then click “Edit Analysis” icon next to the specific row, and then either:
Under the General tab, add a Mitigation Project
Under the Findings tab, add one or more Compliance Findings.
This seems like a long process. I would envision at the time I create a Compliance Analysis Finding, there should be a box where I can associate one ore more Compliance Package items, and another box where I can add any mitigation projects.
Also, totally separately, but our auditors tend to give their own risk ranking to their findings. I have been tracking these as a tag, but would it make sense to have a field for “Risk” under a Compliance Analysis Finding?
Apologies for reviving an old thread, but my Feature Request is very similar.
The addition of the “Affected Compliance Items” is great for when someone “external” has undertaken the audit and has presented you with a list of Findings - very straight forward workflow for this.
Could I request for you to consider another scenario/workflow to add Compliance Findings please?
Scenario being, a user who is using Eramba to do an audit/gap analysis whilst stepping through items in Compliance Analysis. Would be a real time saver if there was also an “Add” button in the “Findings” tab when Editing a “Compliance Item”:
