Create or Edit an Exception

Create an Exception to document and gain approval for non-compliance with an Audit or Policy.

You can create an Exception from the Exceptions workspace, and also from the Exceptions tab in an Audit or Policy record.

To create or edit an Exception, you must log in to Neurons for ITSM as a GRC Manager.

To create an Exception:

1.Open the Exceptions workspace, or click on the Exceptions tab in an Audit or Policy record.

2.Click New GRC Exception to open a blank GRC Exception form.

If creating an Exception using the Exceptions tab from an Audit or Policy record, the Exception Type and Audit/Policy fields are populated automatically with the Audit or Policy record type and title/name.

3.Enter the information into the fields as required.

•Requester Email and Owner Email auto-populate.

•Status aoto-populates as New.

Mandatory fields are marked with an asterisk.

4.When the status is set to Approving, an email is automatically sent to the Approver, and a record of the approval request appears in the Approvals tab.

5.The approver can vote to Approve or Deny the Exception. The Approver needs to provide approval before the Exception can move to the next step. The approver for the Exception is determined by the Exception Type.

•After you select an Exception Type, a tab is added for that type. If the Exception is created directly from an Audit or Policy record from the Exceptions tab, this field is automatically populated with the record type.

•Based on the Exception Type, an Audit or Policy field is added to choose a record. If the Exception is created directly from an Audit or Policy record from the Exceptions tab, the field is automatically populated with the record title/name.

6.Click Save.

7.In the Details tab, enter the information into the fields as required.

8.Use the Assets, Controls, and Risk Assessments tabs to link supporting records to the Exception.

•Use the Controls tab to create new Controls.

•The Audit/Policy tab displays a summary form of the Audit or Policy. The tab displayed is dependent on the selection made in the Exception Type field.

•The Approval tab displays the approval details. Every Exception must be approved by the Owner of the Audit or Policy.

You can restore hidden tabs using the plus sign (to the right of the tabs).

9.To approve or deny the Exception, from the Action Menu, click Approve my vote or Deny my vote.

10.Click Save.

Click Refresh If changes you made or relevant tabs are not shown in the record after you have saved it.

When an Exception is approved and the Status field is updated to Active, or the Exception is denied and Status field is updated to Denied, the following emails are triggered:

•Approved - an email is sent to the Exception Requester, Exception Owner, Audit Lead or Policy Owner stating the Exception has been approved.

•Denied - an email is sent to the Exception Requester, Exception Owner, Audit Lead or Policy Owner stating the Exception has been denied.

When an Exception record Status field is set to Closed, the record fields are locked, and the record can no longer be edited. The record cannot be reopened.

Edit an Exception

To edit an Exception:

1.Double-click the Exception to open the details.

2.Edit the information as required.

3.Click Save.