Assessments provide the business with an evaluation of risk, requirements, and control effectiveness at a point in time. They are used to determine compliance, identify vulnerabilities, raise awareness, and prioritize investment in the areas that will have the most impact. For this process to be effective, assessment data needs to be recent and reflect change over time. An audit from three years ago provides some data but may no longer be accurate. An assessment from two weeks ago may be accurate but doesn’t indicate whether risk levels are rising or falling. In order to keep information current, continuous assessments are needed.
Continuous assessments are an evolution of periodic assessments. They allow the compliance team to reassess requirements, controls, and overall risk for any given assessment without needing to launch an entirely new assessment. This enables assessments to remain up-to-date without being tethered to a reporting period. Only members of the Compliance Team user group can launch a continuous assessment.
To launch a continuous assessment:
1. Log in to a user account that's been added to the Compliance Team user group.
2. Click the dropdown in the nav bar > Compliance Management.
3. Click the Monitor tab.
4. Click an assessment in the Monitoring state in the Compliance Assessments in Monitoring section to open the Review and Reassess Compliance Requirements form.
   Users can perform bulk reassessments on requirements and controls within segments of the larger assessment by clicking a compliance framework, topic, or sub-topic in the navigation tree to the left. The reports below can also be viewed for individual topics or sub-topics.
5. Optional: In the Compliance Assessment Reports section, click any of the following buttons to view a report with further detailed information:
   - Requirement and Control Matrix: Displays an overview of all requirements and controls attached to the assessment.
   - Risk Report: Displays an overview of all of the assessment's associated requirements and their overall risk level.
   - Results by Regulator: Displays all the inherent and residual risk for each regulator attached to the assessment.
6. Optional: In the Status Reports section, click any of the following buttons to view a report with further detailed information:
   - Requirement and Control Status Report: Lists each requirement and control attached to the assessment as well as their respective status.
   - Issues & Actions Report: Lists each issue and corrective action attached to the assessment as well as their respective status.
7. Navigate to the Assessment Management section.
8. Click Reassess. The assessment will return to the In Progress state, requirements in the Monitoring state will return to the Pending Assessment state, and controls in the Complete state will return to the Assessment state.
In order to maintain complete records, it's recommended that all outstanding issues on an assessment are closed before reassessing.