Users: Report Types
Overview
IT Audit Machine has several built-in report types designed to marshal the large pool of compliance data and turn it into meaningful information on various aspects of your efforts to achieve compliance. Although each report type presents a different view of the available data, they overlap in some areas and share features designed to make interacting with the reports more efficient and intuitive.
In this section, we will discuss some of the shared report features in ITAM that facilitate manipulating report data, the different types of reports, and their purposes.
Report Features
Several features shared across some Report Types can assist you when viewing the data in a Report.
Data Sorting
The reports that present data in a table format allow the data to be sorted by clicking on the title of a column. The direction of the sort will be indicated by a small blue arrow pointing up for ascending and down for descending. Clicking on the title of a column again will change the direction of the sort using that column.
Data Filtering and Search
The reports presenting data in a table format allow for data filtering by using the Search field at the top left. Typing anything into the Search field immediately filters the data by matching it to any displayed fields.
Saving a data set while filtered will only save the records in the filter. If a report provides more information than you desire, this is a great way to export just the data you are interested in seeing.
Pagination
The reports presenting data in a table format often include pagination at the bottom of the report. When pagination is contained in a report, the data will be grouped into “pages” of 20 records. On the left, the report will denote which records are displayed and the number of available documents. Any filtering affecting the results will be communicated as well. The current page and additional pages will be displayed on the right, representing navigation options for moving to the represented pages. Click on the number of a page to move directly to that page of results.
For larger data sets, you may need to click on a number closer to the page you wish to view and then click on the actual page once it is displayed.
Save As
The reports presenting data in a table format allow the data to be exported in three main formats: CSV, Excel, and PDF. To save in one of those formats, click on the appropriate Save as button, and ITAM will generate an export in that format and initiate a download.
Exporting to CSV or Excel can be an excellent way to use an external spreadsheet program to manipulate the data further or to ingest it into another system.
The export will include only the data in the current filter (i.e., the current search results).
Interactive Charts
Many of the reports include graphical elements and charts. These elements are often interactive, allowing you to gain more detailed information on an element or highlight a specific detail.
On any report with a chart or graph, mouse over the chart and click on data elements. This will often bring up additional information.
Report Header Summary
Many Reports display a header at the top that includes details about when the report was generated and the data source. This is meant to give additional context to the data in the report and quickly allow you to verify that it conveys information from the intended data set.
Report Types
There are ten types of reports provided in the IT Audit Machine. Each is designed to provide an overview of compliance and answer everyday needs you or auditors might have concerning the data in the forms to which your organization has been granted access. The types of reports are listed below, as well as an overview of what data and insights data and insights they provide.
Audit Dashboard
The Audit Dashboard report returns details of auditable actions by both Portal and Administrative users. It is designed to allow for a quick review of the actions taken, including the related timestamp, and can also export the data for review outside of ITAM. There are separate views that detail actions by Administrative Users and Portal Users, respectively.
This report may determine who has taken a particular action in the system or see what auditable actions a user took at a specific time.
Use the Search field to quickly focus the report on a particular user, Form #, or date.
Artifact Management
The Artifact Management Report lists the artifacts associated with the forms the user can access. An artifact is an external file uploaded and associated with the form, like an image or document. It shows the file name of the artifact, the form with which it is associated, and the field on the form, and it contains a link to the field so you can view it directly. This report is designed to allow you to view, in a single place, all of the artifacts on a form so you can quickly see if any artifacts are missing or find a particular artifact related to a specific form.
This report has some interactive features that differ from several other reports. All of the artifact file names are represented as links. Clicking on the file link will display a preview of the file and allow you to download it. The report also includes a Go To Field column for each row. Clicking on the link in that column will take you directly to the field in the form where the artifact was uploaded.
Searching/Filtering on part of a Form Name or on a Form ID is a great way to limit the results down to those related to a particular form.
Compliance Dashboard
The Compliance Dashboard report displays an entity’s calculated compliance percentages against the selected forms as a current snapshot and over time. Compliance is based on the status of the fields in the selected forms. Each field in a form can be set to be in one of four statuses: Pending (Gray), In Remediation (Red), In Progress (Yellow), and Compliant (Green). For more information about status indicators and their use, see the Form Status Indicators section of the guide.
The report consists of a header and three main views of the compliance history and status of the chosen entity against the chosen forms. Below the header, the report will display two summary graphs and a detail section for each form.
The top summary graph shows the overall compliance status over time, giving a high-level view of the entity's progress toward compliance. The top line represents the Maturity score, and the bottom is the Risk Score. Each line can be hidden or displayed by clicking on the field in the legend under the chart.
The second summary graph shows the current compliance status in graphical form. The Status Score displays the number of fields in each status, and the score is the ratio of compliant fields to the total number of fields. Risk is calculated based on the score of compliant controls (green) vs less compliant scores. Maturity is a calculation involving risk percentage and the number of compliant fields.
- A higher Status Score is better, showing better progress toward completion and compliance.
- A lower Risk Score is preferable, indicating a lower level of risk in the monitored system.
- A higher Maturity Score is desired, as it shows that an entity has mitigated risk well and has made better progress toward compliance.
Finally, at the bottom is an accordion-type detail that allows viewing the fields in each status state, displayed by the color associated with that status.
Expanding a status will allow you to view the fields in that status.
See the Form Status Indicators page for more details about each status.
Executive Overview
The Executive Overview Report is a high-level version of the Compliance Dashboard, giving the big picture of compliance for the forms selected without the field-level detail. The report consists of a section for each selected form, which gives a timeline and summary of the compliance status. See the section on the Compliance Report for more details about each chart.
The Executive Overview report does not provide details about which field is in which status but provides the same data as the Compliance report.