FAQ

Frequently Asked Questions About Practical Compliance Manager

System

Is my information secure?

Yes. As a security and compliance organization, the security of our clients' information is our first concern.

In planning Practical Compliance Manager, information security was a priority. We evaluated various options, including building our own infrastructure, leasing colocated servers, using application providers and various other configurations.

Our evaluation found that using a trusted application provider delivers our clients the highest level of security, availability and stability. We have partnered with a proven provider who handles thousands of financial transactions per day. Our hosting environment is balanced across multiple servers and is backed up every 8 hours. Our hosting provider has a dedicated security team and we maintain copies of all of their compliance documentation.

Our hosting provider performs regular compliance and security assessments and we carefully review the results. Our provider's most recent assessment found no significant deficiencies and received Excellent ratings in most areas.

How is access to the system secured?

All users must have an individual user account. User accounts are verified by an email verification process. Passwords must meet strong password requirements and must be changed every 90 days. Enterprise clients have the ability to define their own password requirements for length, complexity and forced change duration.

User passwords are only known by the user. Password resets are systematically handled and no technical support is required.

The system can only be accessed from authorized IP addresses. IP address filtering rules are configured at set up time. Remote access is provided by connecting through your company network or through the optional Practical Compliance Remote Access Gateway.

When can I access my information?

The system is a high availability platform that is accessible from authorized locations 24 X 7. System resources are balanced across multiple servers to ensure high availability.

Managing Your Compliance Program


The system supports COSO and COBIT control structures 'out of the box'. Can I use other control frameworks or structures?

Yes. The system uses COSO and COBIT to create an organized structure by default. If your organization uses a different structure, we can leverage COSO and COBIT by mapping your structure to COSO and/or COBIT, or we can use your structure as the base.

The system provides a flexible mechanism to use any control structure you wish. Regardless of the control structure you choose to use, the Practical process, workflows, documentation tools and reporting will work seamlessly.

Can we provide different levels of access for Audit, Corporate Governance, IT Governance, Finance and employees?

Yes. The system uses roles to define levels of access, views and permissions for each user. Roles are set up based on job description and let us lock down access and read/write/view permissions to the level of individual fields.

The workflow process allows different users to view and update different aspects of a function as is appropriate for their position. For example, an employee documents a compliance task performed and uploads a report as evidence documentation; their manager can review and approve the information and make comments in select fields; when the task is approved by the manager it can go to the audit group for additional review and approval with audit notes in fields that only they can see.

How does the system help me automate audit evidence and documentation?

The system maintains your Compliance Calendar. This is the schedule of key compliance tasks to be performed by your team throughout the year to ensure compliance with business, financial and IT controls. This includes performing scheduled reviews, reporting due dates, log file documentation, etc. Each of these tasks creates important pieces of evidence that will be needed at audit time. When a task is coming due, the owner of the task gets a notice that their task is about to be due. The task includes instructions on what is required, how to perform the task, and what documentation is expected. There is a link in the task that connects them to the system and opens the task. The task status is updated, notes are recorded and evidence documentation is uploaded to the task.

Through this process, a centralized documentation archive is created. Each task is categorized and grouped by the control, business resource, the functional area, the system (for IT controls) and the performer. This allows us to quickly retrieve all information and evidence for a control, person, system, key account or functional area at audit time. Being able to deliver an organized, central repository for all activities for the year cuts down on audit hours and costs and significantly streamlines the audit and governance process.

Dashboards and Reporting

Can each role have a different dashboard?

Yes. Dashboards are customized for each role to provide the user quick access to the information that is important to their job function. Summary reporting, task lists and workflow status can all be built into a dashboard for each role.

Can I create my own reports?

Yes. Each user can create an unlimited number of personal reports. The 'point and click' reporting functionality makes it simple and easy for users to set up their own reports.

Personal reports that users find useful can be converted to group reports for no charge by Practical Compliance Initiative tech support.

Can I receive reports by email?

Yes. Reports can be individually emailed from an Email button on every report. Reports can also be 'subscribed to', which will automatically email the report to the user on a daily, weekly, monthly, quarterly or annual basis. Reports can also be set up with 'triggers' to email the report when a particular event or timeframe happens, for example when a test is failed, an exception is logged, or when a task is more than 10 days overdue.

Can I limit access to reports?

Yes. Report access is limited to roles. Report access can be granted to everyone or only to specific roles. Roles with restricted view access for certain fields will only see the information they have permission to view.

Can I exchange report information with other systems?

Yes. The system can generate structured XML feeds that provide you the ability to exchange information with your systems.

Support

How do I get application support?

Support is included in your Practical Compliance Manager agreement. Support is available through our technical support line and via email. Your account executive will provide you with support procedures and contact information at setup time.

How do I change a report from Personal to Shared?

The technical support desk can convert a Personal report to a Shared report.

I need help creating a report?

The technical support team can help you set up your report or set it up for you. You can email technical support the information you want in your report and they will contact you when it is ready. The report will show up in your Practical Compliance Manager view automatically.

How do I add new users?

Technical support can add new users to your Practical Compliance Manager system. The number of authorized users in your Practical Compliance Manager system is defined in your contract. Additional users can be added based on the schedule defined in the contract.
