Governance
1. Is there a governance framework in place?
2. Are roles and responsibilities clearly defined?
3. Are the organization’s policies documented?
4. Are the policies aligned with regulatory requirements?
5. Is a board or committee overseeing governance?
6. Are there mechanisms for stakeholder feedback?
7. Are KPIs and KRIs defined for governance?
8. Is there a periodic review of governance practices?
9. Are employees aware of governance policies?
10. Is there a governance policy for third-party relationships?

Risk Management
11. Is there a documented risk management framework?
12. Are risks identified across all departments?
13. Are risk registers updated regularly?
14. Is a risk matrix used for prioritization?
15. Are KRIs tracked effectively?
16. Is there a process to escalate critical risks?
17. Are risk mitigation plans developed for key risks?
18. Are there regular risk assessments conducted?
19. Are incidents linked back to identified risks?
20. Is there a business continuity plan in place?

Compliance
21. Are compliance requirements for your industry identified?
22. Are compliance obligations tracked in a centralized system?
23. Are compliance policies regularly reviewed?
24. Is there evidence management for compliance audits?
25. Are staff trained on compliance requirements?
26. Are compliance violations documented and reviewed?
27. Is there a process for reporting compliance breaches?
28. Are all third-party contracts reviewed for compliance?
29. Are regulatory updates monitored and integrated?
30. Is there a compliance calendar to track deadlines?
31. Is there an internal audit plan in place?
32. Are external audits conducted periodically?
33. Are audit observations documented?
34. Is there a process to track audit remediation?
35. Are risk-based audit approaches implemented?
36. Is there a mechanism to audit third-party compliance?
37. Are audits aligned with regulatory requirements?
38. Are audit results communicated to senior management?
39. Is audit data stored securely?
40. Are audit timelines adhered to consistently?

Additional Components
41. Is the organization using a centralized GRC platform?
42. Are workflows automated for key GRC processes?
43. Are evidence and documentation version-controlled?
44. Is the organization tracking its maturity level for GRC?
45. Are incidents linked to their resolutions in the system?
46. Are all assets registered and risk-assessed?
47. Are third-party risks integrated into GRC workflows?
48. Are employees engaged in governance and compliance awareness?
49. Is there a ticketing system for GRC-related issues?
50. Are reports customized to meet management requirements?