Previous Topic: Modify Existing Business Policy RulesNext Topic: Import and Export

Client Tools GuideAudit MenuCheck Policy ComplianceRunning Business Policy Compliance Checks

Running Business Policy Compliance Checks

To run a Compliance check

  1. Open the relevant configuration file and choose Audit, Business Policy Compliance Check from the menu bar or use the Ctrl + B keyboard shortcut.

    The Business Policy Compliance Check window opens.

  2. The following options can be implemented from this window:
    BPR Files check box

    Mark only the Business Policy file(s) that will be run in the BPR Files list.

    Test BPR Consistency

    Tests the BPR rules of the policy file for errors before performing the run. However, even if a policy file is run without first performing this check, verification will be performed during the run process (when the Test for Violations button is pressed), and any errors will be displayed for handling.

    Add Policy

    Enables adding a policy file not already on the list.

    Remove Policy

    Enables removing a policy file currently on the list.

    Test for Violations

    Runs the marked policy file(s) on the currently selected CA GovernanceMinder configuration. Verification is performed before the actual run, and any errors are displayed for handling.

    Maximum number of alerts generated for each Rule

    Limits the number of alerts generated per BPR rule. An “alert” is a record that is designated as “suspected” in the resulting AuditCard (Figure 146). Sometimes, an alert generates other alerts that are dependent on it. Putting a limit on the number of alerts restricts the number of total alerts generated and enables the Role Engineer to focus on basic alerts or suspected records.

    Maximum number of alerts generated for each Entity

    Limits the number of alerts generated for each entity.

Generate an AuditCard with the Compliance Module

Compliance BPR rules are written to find exceptions, which can then be examined by the relevant administrator or auditor to determine their validity in the context of the audited system. After determining and verifying Business Process rules in the selected Business policy files, click Test for Violations in the Business Policy Compliance Check window.

An AuditCard is generated.

The AuditCard provides a list of “suspected” violations of the policy-defined rules as applied to the specific configuration. The format of the Compliance AuditCard is similar to the format of the AuditCard generated by running pattern-based audit functions. However, there are differences.

Refer to the following table:

Name

Description

Status

The AuditCard provides a list of “suspected” violations of the Role Engineer -defined rules as applied to the specific configuration.

ID

An incremented number that shows the number of the suspected records within the “suspected” list generated in the Compliance AuditCard.

Date/Time

Date and time that the record was generated.

Audit Code

The Audit Code column lists the group and specific restriction of the record.

First Entity

The user detected by the Compliance module to whom the rule applies.

Second Entity

The left entity as recorded in the Compliance window.

Third Entity

The right entity as recorded in the Compliance window.

Score

Not relevant for Compliance AuditCard.

Description

Description of rule as recorded by the Role Engineer when rule was created.

More information:

Running Business Policy Compliance Checks