| # | Governance (0% completed) |
|---|---|
| 1 | Is there a governance framework in place? |
| 2 | Are roles and responsibilities clearly defined? |
| 3 | Are the organization’s policies documented? |
| 4 | Are the policies aligned with regulatory requirements? |
| 5 | Is a board or committee overseeing governance? |
| 6 | Are there mechanisms for stakeholder feedback? |
| 7 | Are KPIs and KRIs defined for governance? |
| 8 | Is there a periodic review of governance practices? |
| 9 | Are employees aware of governance policies? |
| 10 | Is there a governance policy for third-party relationships? |

| # | Risk Management (0% completed) |
|---|---|
| 11 | Is there a documented risk management framework? |
| 12 | Are risks identified across all departments? |
| 13 | Are risk registers updated regularly? |
| 14 | Is a risk matrix used for prioritization? |
| 15 | Are KRIs tracked effectively? |
| 16 | Is there a process to escalate critical risks? |
| 17 | Are risk mitigation plans developed for key risks? |
| 18 | Are there regular risk assessments conducted? |
| 19 | Are incidents linked back to identified risks? |
| 20 | Is there a business continuity plan in place? |

| # | Compliance (0% completed) |
|---|---|
| 21 | Are compliance requirements for your industry identified? |
| 22 | Are compliance obligations tracked in a centralized system? |
| 23 | Are compliance policies regularly reviewed? |
| 24 | Is there evidence management for compliance audits? |
| 25 | Are staff trained on compliance requirements? |
| 26 | Are compliance violations documented and reviewed? |
| 27 | Is there a process for reporting compliance breaches? |
| 28 | Are all third-party contracts reviewed for compliance? |
| 29 | Are regulatory updates monitored and integrated? |
| 30 | Is there a compliance calendar to track deadlines? |
| 31 | Is there an internal audit plan in place? |
| 32 | Are external audits conducted periodically? |
| 33 | Are audit observations documented? |
| 34 | Is there a process to track audit remediation? |
| 35 | Are risk-based audit approaches implemented? |
| 36 | Is there a mechanism to audit third-party compliance? |
| 37 | Are audits aligned with regulatory requirements? |
| 38 | Are audit results communicated to senior management? |
| 39 | Is audit data stored securely? |
| 40 | Are audit timelines adhered to consistently? |

| # | Additional Components (0% completed) |
|---|---|
| 41 | Is the organization using a centralized GRC platform? |
| 42 | Are workflows automated for key GRC processes? |
| 43 | Are evidence and documentation version-controlled? |
| 44 | Is the organization tracking its maturity level for GRC? |
| 45 | Are incidents linked to their resolutions in the system? |
| 46 | Are all assets registered and risk-assessed? |
| 47 | Are third-party risks integrated into GRC workflows? |
| 48 | Are employees engaged in governance and compliance awareness? |
| 49 | Is there a ticketing system for GRC-related issues? |
| 50 | Are reports customized to meet management requirements? |