What is a Master Control?
A compliance objective is a specific question or goal set by an organization to ensure that it meets legal, regulatory, or policy standards. Master Controls are crucial for maintaining an organisation's integrity and legal standing, helping to manage risks and ensuring that business practices align with applicable laws and regulations.
Master Control in BoardX
In BoardX, master controls are structured uniquely to enhance clarity and ease of management:
Question-Form Format:
Master Control in BoardX are phrased as questions rather than statements. This format facilitates easier recall and helps users assess whether they are meeting specific objectives. For example, a master control might be, "Is personal data collected for specified, explicit, and legitimate purposes?" This approach prompts a direct evaluation of practices against the objective.
Cross-Mapping to Multiple Citations:
Each Master Control in BoardX is cross-mapped to multiple citations across different Authority Frameworks. This strategy streamlines the compliance process by eliminating control duplications. By linking a single master control to relevant aspects of various regulations, BoardX ensures comprehensive coverage without redundancy in controls and assessments.
The Master Control Page
The Master Control Page
Here's a comprehensive breakdown of each part of the Master Control page to enhance your understanding of its features and functionalities within a GRC system:
Master Control Page Header
Record Number: A unique identifier for each Master Control, usually starting with "MAC".
Record Type: Specifies the category of the record as a Master Control.
Compliance Score: A metric representing the ratio of compliant controls to the total controls linked to the Master Control. It measures how well the organisation meets specific compliance requirements.
Control Classification: The type of control associated with the objective, which can be Preventative, Detective, or Reactive:
Preventive: Controls designed to prevent violations or incidents before they occur.
Detective: Controls aimed at detecting issues after they occur.
Reactive: Controls that respond to and rectify issues after detection.
Next Cycle Launch Date: The scheduled date for the following review or audit of the Master Control, calculated based on the last control launch date and control frequency.
Overview Tab
Assessment Tasks Summary:
Two pie charts show the status of all Assessment Tasks and Indicator Tasks associated with this compliance objective.
A list of Control Assessment Tasks corresponds to the pie chart above, clearly stating the task state, assignee, status, due date, and creation date.
Details Tab
Master Control Details
Name: The title of the Master Control, clearly identifying its purpose.
Description: A detailed explanation of the Master Control, outlining its scope and importance.
Category: This option allows for categorization of the Master Control. Categories can be selected from a dropdown menu and customized via the settings page.
Control Set-up
All Controls: Specifies the controls that are directly linked to the Master Control. These controls enforce or support the objective.
Control Frequency: Defines how often the controls are reviewed or tested. This frequency determines the regularity of compliance checks.
Cycle Launch Date: Marks the initial date when the control is first implemented or sent out.
Classification: Indicates the type of control (Preventative, Detective, or Reactive), helping to align the control strategy with risk management needs.
Next Cycle Launch Date: The scheduled date for the subsequent review or implementation of the control, which ensures ongoing compliance.
Entities Tab
On this page, you can link entities or entity groups to this Master Control. This setup ensures that control assessment tasks associated with the Master Control are automatically directed to the appropriate entities or groups. This page displays a list of all entities or entity groups currently linked to the Compliance Objective, providing a clear view of who is involved.
Mapping: Entities or entity groups linked to the Master Control are automatically mapped for task distribution.
Task Management: Relevant control assessment tasks are dispatched to these linked entities or groups, ensuring effective compliance management.
Citation Tab
This page displays all the citations that are linked to the selected Master Control. BoardX efficiently cross-maps citations from different frameworks or within the same framework to eliminate duplicate controls, streamlining compliance management.
Custom Linking: Allows you to manually link additional citations from within your system to the Master Control as needed, enhancing the adaptability of your compliance strategy.
Controls Tab:
This page displays all the controls linked to the selected Master Control. It offers a flexible interface with multiple filtering options to help you efficiently manage and review the controls based on specific criteria:
Filtering Options: You can refine the displayed controls by entity, entity group, state, owner, and status, allowing for targeted management and oversight.
Report Generation: Additionally, the page provides functionality to generate reports directly from the control list, enabling comprehensive analysis and documentation of compliance activities.
Control Indicator Tab
This page displays all control indicators added by users for the Master Control. A control indicator is essentially a quantifiable measure used to evaluate the extent to which a control is achieving its intended objective. These indicators are specific, measurable, and relevant to the particular risks the control is designed to mitigate.