Eramba is one of the best GRCs out there, but we are finding one huge issue: the inability to create audit sets with different owners per control.
Let me explain. For example, say we have a control called AD Password Policy that spells out the requirements for an AD Password Policy. We want to validate this quarterly, so currently we can create an audit that is implemented and assigned to a group. This is no problem if you have one service or group to audit. In our case, we have more than 10 services in our compliance program and we want to have each service team submit their own quarterly validation of compliance.
Currently, we would have to duplicate the control once for each service and add the 4 audits per year per control. The control doesn’t change and duplicating creates a management nightmare.
It would be ideal if we could create one control, then assign an audit set to a business unit (AKA services), create multiple sets per control and track the compliance that way.
Thoughts?
Thanks