Managing POA&M Reports

Owned by Christopher Rushing (Unlicensed)
Last updated: Jan 27, 2023
5 min read

Contents

Overview

Plans of Action and Milestones (POA&M) are used in many different regulatory environments to document what is necessary to either achieve compliance or improve the level of an organization’s compliance.

POA&Ms are available in the IT Audit Machine as a type of Form with some advanced automations.

Before the IT Audit Machine can start generating POA&M reports, an Administrator must configure the form to generate the appropriate reports from a template.

In this section of the guide we will cover the steps needed to configure the POA&M reports in an instance of ITAM. We will also look at the ways an Administrator can interact with a POA&M form.

Associating POA&M form with a Template

First, in the Form Manager, find and expand the Plan of Action and Milestones (POA&M) form and click the Edit icon.

This will bring up the Form Builder tool.

For more information about editing forms, see the Form Builder section of the Administration Guide

On the right-hand side of the Form Builder, select the Form Properties tab in the tool box. At the bottom of the Form Properties, select the show more options link at the bottom.

Scroll down through the additional options presented until you find the Template Options. Make sure only the Enable Uploading Templates option is selected. Upload the POA&M template you will use to generate the POA&Ms from the system by clicking Upload Files and selecting the template file from your system.

A default template can be requested from Continuum GRC.

Once the template is uploaded, click the Save or Sync and Save button to save the changes.

Adding Logic for auto-generating POA&M Reports

Next, in the Form Manager, expand the Plan of Action and Milestones (POA&M) form again and click the Logic icon.

This will bring up the Form Logic interface for the POA&M form. Find the option for Enable Rules to generate POAM reports and check the box next to the text. This will bring up the ability to select where the POA&Ms will go. Set entries where the POA&M Current Status field is Open to go into the OPEN tab, and the entries where it is Closed to go into the CLOSED tab.

Once the logic for both the OPEN and the CLOSED tabs is set, it should look similar to this.

The template name should reflect the name of the template which was uploaded earlier.

Once both sets of logic have been defined, click the Save Settings button to save the changes. ITAM is now ready to generate POA&M forms for your organization.

Working with POA&M forms

Adding POA&M entries

As an Administrator, you may not add entries for the POA&M associated with a particular entity. Instead, entries created by an Administrator will become a separate POA&M.

Navigate to the Form Manager interface and locate the Plan of Action and Milestones (POA&M) form. Expand the form and click on the Edit button.

Input the data for the POA&M entry. Once you are satisfied with your entry, click the Submit button to save your entry. This will save the entry and generate a POA&M based on the current entries.

Continue entering your POA&M entries until you have completed the entries you desire to enter.

Editing POA&M entries

POA&M Entries are edited like any other Form. As an Administrator, you are able to edit your own entries as well as the entries created by users. This allows an Administrator to facilitate the updating of an existing POA&M.

The easiest way to edit a POA&M is to use the Entries icon located above the POA&M form. Select the Plan of Action and Milestones (POA&M) form to expand it and click on the View button.

This will display the Admin view of the existing entries for the form.

Click on the entry you wish to edit and click the Edit Entry Data button to pull up the form populated with the data for that entry. Make the desired edits and Submit the form to save the changes.

Viewing POA&M Reports

POA&M Reports are generated every time an entry is submitted. To view the latest report, select the report associated with the most recently updated entry. Click on the link to download a zip file containing the report.

The report is also available from the Entry Detail page for any entry.

In the next section of the guide we will discuss the Report Manager and how it is used to enable and configure reports.

[Previous Topic → Form Status Indicators] Navigation [Next Topic → Report Manager]