AI GRC Report (Alpha)
The AI GRC Report action step generates a Governance, Risk, and Compliance report by analyzing enrichment columns that act as control definitions. Boolean columns where TRUE indicates a violation are automatically detected and analyzed.
Alpha Feature: This feature is currently in alpha testing and is only available to tenants with PreRelease enabled. Functionality may change before general release.
Overview
When you configure an AI GRC Report, the system:
- Scans your enriched dataset for control columns (boolean enrichments)
- Identifies violations where the control value is TRUE
- Calculates compliance rates by control and category
- Generates a heat map showing risk levels
- Optionally exports a detailed case violation list
- Emails the report to specified recipients
This report is designed for compliance officers, risk managers, and process owners who need visibility into control violations and compliance status.
When to Use AI GRC Report
Use AI GRC Report when you need:
- Compliance dashboards showing violation rates
- Control-by-control violation analysis
- Risk level assessment across process controls
- Case lists for remediation tracking
- Automated compliance monitoring
- Audit preparation documentation
How Controls Work
The GRC Report works by analyzing boolean enrichment columns in your dataset:
- Create Control Enrichments: Use the Data Designer to add boolean enrichments that flag violations
- TRUE = Violation: When the enrichment value is TRUE, it indicates a control violation
- Automatic Detection: The GRC Report automatically finds all boolean columns and treats them as controls
Example Control Enrichments
| Control Name | Logic | Violation Condition |
|---|---|---|
| Segregation of Duties | Same person approves and processes | TRUE when violated |
| Approval Missing | No approval activity found | TRUE when missing |
| SLA Breach | Duration exceeds threshold | TRUE when breached |
| Manual Override | Manual intervention detected | TRUE when overridden |
| Missing Documentation | Required document not attached | TRUE when missing |
Report Content
The AI GRC Report includes:
Compliance Dashboard
- Overall compliance rate (percentage of cases without violations)
- Compliance rates by control category
- Trend indicators (if historical data available)
Heat Map by Category
Visual representation showing:
- Green: High compliance (90%+)
- Yellow: Moderate compliance (70-89%)
- Red: Low compliance (<70%)
Control-by-Control Analysis
For each control:
- Violation count and rate
- Most common violation patterns
- Affected case characteristics
- Recommended remediation actions
Risk Level Assessment
Classification of controls by risk:
- Critical: Controls with high violation rates affecting critical processes
- High: Significant violations requiring attention
- Medium: Moderate violations to monitor
- Low: Minor violations within acceptable thresholds
Case Violation List (Excel)
When enabled, generates an Excel spreadsheet containing:
- Case ID
- Control violated
- Violation timestamp
- Related attributes
- Recommended action
This list supports remediation tracking and audit documentation.
Configuration
To add an AI GRC Report to your action, click the + button in the Action Steps section and select AI GRC Report.
Dataset Selection
Dataset to Analyze (Required): Select the enriched dataset you want to analyze. The dataset must have boolean enrichment columns that represent controls.
If no controls are found, ensure:
- You have created boolean enrichments in Data Designer
- The enrichments return TRUE for violations
- The enrichment pipeline has been run
Report Language
Report Language: Select the language for the generated report. The AI writes the entire report in your selected language.
Include Case Violation List
Include Case Violation List (Excel): When checked, generates an Excel spreadsheet with all case violations.
Use this option when you need:
- Detailed violation data for remediation
- Audit trail documentation
- Case-by-case investigation support
- Data for external compliance systems
The Excel file is attached to the email alongside the report.
Email Configuration
Send report to (Optional): Select users who should receive the GRC Report via email. Leave empty to skip email delivery.
Custom Email Subject (Optional): Override the default email subject line. If left blank, the system uses "GRC Compliance Report - [Dataset Name]".
Setting Up Controls
Step 1: Identify Control Points
Review your process and identify where controls should exist:
- Segregation of duties requirements
- Approval requirements
- Time-based SLAs
- Documentation requirements
- Authorization checks
Step 2: Create Boolean Enrichments
In Data Designer, create enrichments for each control:
Example: Approval Missing Control
Enrichment Type: Activity Check
Logic: Case does NOT contain activity "Manager Approval"
Output: Boolean (TRUE if activity missing)
Example: SLA Breach Control
Enrichment Type: Case Duration
Logic: Duration > 5 days
Output: Boolean (TRUE if breached)
Step 3: Run Enrichment Pipeline
Execute the enrichment pipeline to apply controls to all cases.
Step 4: Configure GRC Report
Add the GRC Report action step and select your enriched dataset.
Best Practices
Name controls clearly: Use descriptive names like "SOD_Violation_Approve_Process" rather than "Control1"
Organize by category: Group related controls for better dashboard visualization
Set appropriate thresholds: Calibrate SLA and threshold-based controls to meaningful values
Schedule regular runs: Monitor compliance continuously, not just at audit time
Include case lists for remediation: Enable Excel export when teams need to act on violations
Review with stakeholders: Validate control definitions with compliance and business teams
Example Configurations
Weekly Compliance Monitoring
| Setting | Value |
|---|---|
| Dataset | Purchase-to-Pay (Enriched) |
| Report Language | English |
| Include Case List | Unchecked |
| Email Recipients | compliance-team@company.com |
| Custom Email Subject | Weekly P2P Compliance Status |
Monthly Audit Package
| Setting | Value |
|---|---|
| Dataset | Financial Close Process (Enriched) |
| Report Language | English |
| Include Case List | Checked |
| Email Recipients | internal-audit@company.com, cfo@company.com |
| Custom Email Subject | Monthly Financial Controls Report |
Regional Compliance Review
| Setting | Value |
|---|---|
| Dataset | EMEA Order Processing (Enriched) |
| Report Language | German |
| Include Case List | Checked |
| Email Recipients | regional-compliance@company.de |
Troubleshooting
No controls found
Solution: The GRC Report looks for boolean enrichment columns. Ensure:
- You have created boolean enrichments
- Enrichments output TRUE for violations
- The enrichment pipeline has been run
All cases show as violations
Solution: Check your control logic - ensure TRUE indicates a violation, not compliance.
Excel file is very large
Solution: For datasets with many violations:
- Filter the dataset before running
- Run reports more frequently to catch issues early
- Consider separate reports for different control categories
Report doesn't reflect recent changes
Solution: Ensure:
- The enrichment pipeline has been run after data updates
- The action is using the correct (enriched) dataset
- Any caching has been cleared if needed
Email not received
Solution:
- Verify email addresses are correct
- Check spam/junk folders
- Confirm the action completed successfully
- Check if Excel attachment exceeded email size limits
Related Documentation
- Actions Overview
- AI Insights Report (Alpha) - Comprehensive 12-section analysis
- AI Process Analyst Report (Alpha) - Executive improvement recommendations
- Enrichments Overview - Creating control enrichments
Support
If you encounter issues with AI GRC Report:
- Email: support@mindzie.com
- Include: Dataset name, control names, and specific compliance questions
- Note this is an Alpha feature - your feedback shapes the final product