Control 3.3: Compliance and Regulatory Reporting
Overview
Control ID: 3.3
Control Name: Compliance and Regulatory Reporting
Regulatory Reference: FINRA 4511, SEC 17a-3/4, SOX 302/404, GLBA 501(b), OCC 2011-12
Setup Time: 3-5 hours
Purpose
Compliance and Regulatory Reporting establishes a comprehensive framework for generating, distributing, and archiving compliance reports that demonstrate AI agent governance adherence to financial services regulations. This control ensures that organizations can provide evidence of regulatory compliance during examinations, audits, and internal reviews while maintaining continuous visibility into control effectiveness across all governance pillars.
Prerequisites
Primary Owner Admin Role: Compliance Officer
Supporting Roles: Power Platform Admin, SharePoint Site Owner
Licensing Requirements
| Component | License Required |
|---|---|
| Microsoft Purview Compliance Portal | Microsoft 365 E5 Compliance |
| Power BI for Compliance Dashboards | Power BI Pro or Premium |
| SharePoint for Report Archiving | Microsoft 365 E3/E5 |
| Microsoft Sentinel (optional) | Azure subscription |
| Compliance Manager | Microsoft 365 E5 Compliance |
Permissions Required
| Task | Role/Permission |
|---|---|
| View Compliance Reports | Compliance Reader |
| Generate Compliance Reports | Compliance Administrator |
| Configure Compliance Manager | Compliance Manager Administrator |
| Access Audit Logs | Audit Log Reader |
| Distribute Reports | SharePoint Site Owner |
| Sign-off on Reports | Designated Approver (Business Role) |
Dependencies
- [x] Control 3.1: Agent Inventory and Metadata Management
- [x] Control 3.2: Usage Analytics and Activity Monitoring
- [x] Control 1.7: Comprehensive Audit Logging
- [x] All Pillar 1, 2, and 4 controls (as evidence sources)
Pre-Setup Checklist
- [ ] Compliance Manager configured for organization
- [ ] Report distribution lists established
- [ ] SharePoint document library created for report archiving
- [ ] Executive sign-off workflow defined
- [ ] Regulatory examination calendar documented
Governance Levels
Baseline (Level 1)
Generate compliance reports showing control status, audit logs, and policy adherence.
Recommended (Level 2-3)
Monthly compliance reports; dashboards showing control maturity by pillar.
Regulated/High-Risk (Level 4)
Quarterly regulatory reports; evidence of compliance with all applicable regulations.
Setup & Configuration
Step 1: Configure Microsoft Compliance Manager
Portal Path: Microsoft Purview → Compliance Manager → Assessments
- Navigate to Microsoft Purview Compliance Portal
- Select Compliance Manager in the left navigation
- Click Assessments → + Add assessment
- Create assessments for applicable regulations:
| Assessment | Template | Scope |
|---|---|---|
| FINRA Agent Governance | Custom template | AI Agents |
| SEC 17a-4 Records | SEC 17a-4 template | Agent Interactions |
| SOX 404 IT Controls | SOX 404 template | Agent Infrastructure |
| GLBA Safeguards | GLBA 501(b) template | Customer Data Agents |
- Map FSI-AgentGov controls to assessment actions
Step 2: Create Compliance Reporting Template Library
Report Types Required:
| Report Type | Frequency | Audience | Retention |
|---|---|---|---|
| Control Status Summary | Weekly | IT/Compliance | 3 years |
| Regulatory Alignment Report | Monthly | Compliance/Audit | 7 years |
| Executive Compliance Dashboard | Monthly | C-Suite | 3 years |
| Examination Ready Package | On-demand | Regulators | 7 years |
| Audit Evidence Bundle | Quarterly | Internal/External Audit | 7 years |
| Incident Compliance Summary | As needed | Compliance/Legal | 7 years |
Step 3: Set Up SharePoint Report Archive
Portal Path: SharePoint Admin Center → Sites → Create Site
- Create dedicated SharePoint site: AI-Compliance-Reports
- Configure document libraries:
AI-Compliance-Reports/
├── Weekly Reports/
│ ├── Control Status/
│ └── Metrics Summary/
├── Monthly Reports/
│ ├── Regulatory Alignment/
│ ├── Executive Dashboard/
│ └── Trend Analysis/
├── Quarterly Reports/
│ ├── Audit Evidence/
│ ├── Risk Assessment/
│ └── Control Effectiveness/
├── Examination Packages/
│ ├── FINRA/
│ ├── SEC/
│ ├── OCC/
│ └── State Regulators/
└── Archive/
└── [Year]/
- Apply retention labels:
  - Regulatory-7Year for examination packages
  - Compliance-3Year for operational reports
Step 4: Configure Automated Report Generation
Portal Path: Power Automate → Create → Scheduled cloud flow
Create automated flows for each report type:
| Flow Name | Trigger | Actions |
|---|---|---|
| Weekly Control Status | Every Monday 6 AM | Query Compliance Manager → Generate PDF → Email → Archive |
| Monthly Regulatory Report | 1st of month | Aggregate data → Generate report → Route for approval → Archive |
| Quarterly Audit Package | Quarterly | Compile evidence → Generate package → Executive sign-off → Archive |
Step 5: Build Compliance Dashboard in Power BI
Dashboard Components:
| Section | Metrics | Data Source |
|---|---|---|
| Overall Compliance Score | % controls compliant | Compliance Manager |
| Control Status by Pillar | Red/Yellow/Green by pillar | Control tracking |
| Regulatory Coverage | % regulations addressed | Assessment mapping |
| Trend Analysis | Score over time | Historical data |
| Action Items | Open remediation items | Compliance Manager |
| Upcoming Reviews | Scheduled control reviews | Calendar integration |
Step 6: Establish Report Distribution and Approval
Distribution Matrix:
| Report | Primary Recipients | CC Recipients | Approval Required |
|---|---|---|---|
| Weekly Status | Compliance Team, IT Ops | - | No |
| Monthly Regulatory | CCO, CIO, CISO | Business Heads | Yes - CCO |
| Quarterly Audit | CAO, External Auditors | CCO, CEO | Yes - CAO, CCO |
| Examination Package | Exam Coordinator | CCO, Legal | Yes - CCO, Legal |
Step 7: Configure Regulatory Calendar Integration
Track examination schedules and filing deadlines:
| Regulator | Typical Schedule | Report Requirements |
|---|---|---|
| FINRA | Annual cycle exam | Books and records, supervision evidence |
| SEC | Periodic exams | 17a-4 compliance, trading records |
| OCC | 12-18 month cycle | IT risk management, third-party controls |
| State Regulators | Annual | State-specific requirements |
| SOX Auditors | Annual | IT general controls, access management |
PowerShell Configuration
# ============================================================
# Control 3.3: Compliance and Regulatory Reporting
# PowerShell Configuration Script for FSI Organizations
# ============================================================
# Install required modules
Install-Module -Name Microsoft.Graph -Force -AllowClobber
Install-Module -Name ExchangeOnlineManagement -Force -AllowClobber
Install-Module -Name PnP.PowerShell -Force -AllowClobber
# Connect to services
Connect-MgGraph -Scopes "Reports.Read.All", "Compliance.Read.All"
Connect-ExchangeOnline
Connect-PnPOnline -Url "https://[tenant].sharepoint.com/sites/AI-Compliance-Reports" -Interactive
# ============================================================
# SECTION 1: Control Status Report Generation
# ============================================================
function New-ControlStatusReport {
param(
[Parameter(Mandatory=$true)]
[string]$OutputPath,
[ValidateSet("Weekly", "Monthly", "Quarterly")]
[string]$ReportType = "Weekly"
)
Write-Host "Generating $ReportType Control Status Report..." -ForegroundColor Cyan
# Define control status structure
$controlStatus = @{
ReportDate = Get-Date -Format "yyyy-MM-dd"
ReportType = $ReportType
Pillars = @(
@{
Name = "Pillar 1: Security"
Controls = @(
@{ Id = "1.1"; Name = "Restrict Agent Publishing"; Status = "Compliant"; LastReview = (Get-Date).AddDays(-7) },
@{ Id = "1.2"; Name = "Agent Registry Management"; Status = "Compliant"; LastReview = (Get-Date).AddDays(-14) },
@{ Id = "1.3"; Name = "SharePoint Content Governance"; Status = "Compliant"; LastReview = (Get-Date).AddDays(-10) }
# Add all 18 Pillar 1 controls
)
ComplianceScore = 95
},
@{
Name = "Pillar 2: Management"
Controls = @(
@{ Id = "2.1"; Name = "Managed Environments"; Status = "Compliant"; LastReview = (Get-Date).AddDays(-5) },
@{ Id = "2.2"; Name = "Environment Groups"; Status = "Needs Attention"; LastReview = (Get-Date).AddDays(-30) }
# Add all 14 Pillar 2 controls
)
ComplianceScore = 88
},
@{
Name = "Pillar 3: Reporting"
Controls = @(
@{ Id = "3.1"; Name = "Agent Inventory"; Status = "Compliant"; LastReview = (Get-Date).AddDays(-3) },
@{ Id = "3.2"; Name = "Usage Analytics"; Status = "Compliant"; LastReview = (Get-Date).AddDays(-7) }
# Add all 6 Pillar 3 controls
)
ComplianceScore = 92
},
@{
Name = "Pillar 4: SharePoint"
Controls = @(
@{ Id = "4.1"; Name = "Agent Source Governance"; Status = "Compliant"; LastReview = (Get-Date).AddDays(-14) }
# Add all 5 Pillar 4 controls
)
ComplianceScore = 97
}
)
}
# Calculate overall score
$overallScore = ($controlStatus.Pillars | ForEach-Object { $_.ComplianceScore } |
Measure-Object -Average).Average
$controlStatus.OverallComplianceScore = [math]::Round($overallScore, 1)
# Generate HTML report
$htmlReport = New-ComplianceHtmlReport -ControlStatus $controlStatus
$htmlReport | Out-File -FilePath $OutputPath -Encoding UTF8
Write-Host "Report generated: $OutputPath" -ForegroundColor Green
Write-Host "Overall Compliance Score: $($controlStatus.OverallComplianceScore)%" -ForegroundColor $(
if ($controlStatus.OverallComplianceScore -ge 90) { "Green" }
elseif ($controlStatus.OverallComplianceScore -ge 75) { "Yellow" }
else { "Red" }
)
return $controlStatus
}
function New-ComplianceHtmlReport {
param($ControlStatus)
$statusColor = @{
"Compliant" = "#28A745"
"Needs Attention" = "#FFC107"
"Non-Compliant" = "#DC3545"
}
$html = @"
<!DOCTYPE html>
<html>
<head>
<title>AI Agent Governance - Compliance Status Report</title>
<style>
body { font-family: 'Segoe UI', Arial, sans-serif; margin: 40px; background: #f8f9fa; }
.container { max-width: 1200px; margin: 0 auto; background: white; padding: 30px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); }
h1 { color: #0078D4; border-bottom: 3px solid #0078D4; padding-bottom: 15px; }
h2 { color: #333; margin-top: 30px; border-left: 4px solid #0078D4; padding-left: 15px; }
.score-card { text-align: center; padding: 30px; background: linear-gradient(135deg, #0078D4, #00BCF2); color: white; border-radius: 12px; margin: 20px 0; }
.score-value { font-size: 72px; font-weight: bold; }
.score-label { font-size: 18px; opacity: 0.9; }
.pillar-summary { display: grid; grid-template-columns: repeat(4, 1fr); gap: 20px; margin: 20px 0; }
.pillar-card { background: #f5f5f5; padding: 20px; border-radius: 8px; text-align: center; }
.pillar-score { font-size: 36px; font-weight: bold; color: #0078D4; }
table { width: 100%; border-collapse: collapse; margin: 20px 0; }
th { background: #0078D4; color: white; padding: 12px; text-align: left; }
td { border: 1px solid #ddd; padding: 10px; }
tr:nth-child(even) { background: #f9f9f9; }
.status-badge { padding: 4px 12px; border-radius: 12px; color: white; font-size: 12px; font-weight: bold; }
.regulatory-section { background: #FFF3CD; border: 1px solid #FFC107; padding: 20px; border-radius: 8px; margin: 20px 0; }
.footer { text-align: center; color: #666; margin-top: 40px; padding-top: 20px; border-top: 1px solid #ddd; }
</style>
</head>
<body>
<div class="container">
<h1>🏦 AI Agent Governance Compliance Report</h1>
<p><strong>Report Date:</strong> $($ControlStatus.ReportDate) | <strong>Type:</strong> $($ControlStatus.ReportType)</p>
<div class="score-card">
<div class="score-value">$($ControlStatus.OverallComplianceScore)%</div>
<div class="score-label">Overall Compliance Score</div>
</div>
<h2>Pillar Summary</h2>
<div class="pillar-summary">
$($ControlStatus.Pillars | ForEach-Object {
"<div class='pillar-card'>
<div class='pillar-score'>$($_.ComplianceScore)%</div>
<div>$($_.Name)</div>
</div>"
})
</div>
<h2>Regulatory Alignment</h2>
<div class="regulatory-section">
<p><strong>Regulations Covered:</strong> FINRA 4511, SEC 17a-3/4, SOX 302/404, GLBA 501(b), OCC 2011-12</p>
<p><strong>Next Examination:</strong> [To be updated based on calendar]</p>
<p><strong>Audit Readiness:</strong> Evidence packages current as of $($ControlStatus.ReportDate)</p>
</div>
<h2>Control Details by Pillar</h2>
$($ControlStatus.Pillars | ForEach-Object {
$pillar = $_
"<h3>$($pillar.Name)</h3>
<table>
<tr><th>Control ID</th><th>Control Name</th><th>Status</th><th>Last Review</th></tr>
$($pillar.Controls | ForEach-Object {
$bgColor = $statusColor[$_.Status]
"<tr>
<td>$($_.Id)</td>
<td>$($_.Name)</td>
<td><span class='status-badge' style='background: $bgColor'>$($_.Status)</span></td>
<td>$($_.LastReview.ToString('yyyy-MM-dd'))</td>
</tr>"
})
</table>"
})
<div class="footer">
<p>Generated by FSI-AgentGov Compliance Reporting System</p>
<p>This report is confidential and intended for internal compliance use only.</p>
</div>
</div>
</body>
</html>
"@
return $html
}
# ============================================================
# SECTION 2: Regulatory Alignment Report
# ============================================================
function New-RegulatoryAlignmentReport {
param(
[string]$Regulation = "All",
[string]$OutputPath = ".\RegulatoryAlignmentReport.html"
)
Write-Host "Generating Regulatory Alignment Report..." -ForegroundColor Cyan
$regulations = @{
"FINRA_4511" = @{
Name = "FINRA Rule 4511 - Books and Records"
Requirements = @(
@{ Requirement = "Retain business records for required period"; Control = "1.9, 2.13"; Status = "Compliant" },
@{ Requirement = "Maintain records in accessible format"; Control = "2.13, 3.1"; Status = "Compliant" },
@{ Requirement = "Preserve electronic communications"; Control = "1.7, 1.10"; Status = "Compliant" }
)
}
"SEC_17a-4" = @{
Name = "SEC Rule 17a-4 - Records Preservation"
Requirements = @(
@{ Requirement = "WORM storage for required records"; Control = "2.13"; Status = "Compliant" },
@{ Requirement = "Index and retrieve records"; Control = "3.1"; Status = "Compliant" },
@{ Requirement = "Third-party access letter"; Control = "2.13"; Status = "Compliant" }
)
}
"SOX_404" = @{
Name = "SOX Section 404 - Internal Controls"
Requirements = @(
@{ Requirement = "Document IT general controls"; Control = "2.8, 2.1"; Status = "Compliant" },
@{ Requirement = "Access control and segregation of duties"; Control = "2.8"; Status = "Compliant" },
@{ Requirement = "Change management controls"; Control = "2.3, 2.4"; Status = "Compliant" }
)
}
"GLBA_501b" = @{
Name = "GLBA Section 501(b) - Safeguards Rule"
Requirements = @(
@{ Requirement = "Protect NPI confidentiality"; Control = "1.5, 1.15"; Status = "Compliant" },
@{ Requirement = "Monitor for unauthorized access"; Control = "3.2, 1.8"; Status = "Compliant" },
@{ Requirement = "Third-party oversight"; Control = "2.7"; Status = "Compliant" }
)
}
"OCC_2011-12" = @{
Name = "OCC Bulletin 2011-12 - Third-Party Risk"
Requirements = @(
@{ Requirement = "Vendor risk assessment"; Control = "2.7"; Status = "Compliant" },
@{ Requirement = "Ongoing monitoring"; Control = "2.7, 3.2"; Status = "Compliant" },
@{ Requirement = "Contingency planning"; Control = "2.5"; Status = "Compliant" }
)
}
}
# Calculate compliance by regulation
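# Honor the -Regulation parameter: "All" or one of the keys above (e.g. "SOX_404")
$summary = $regulations.GetEnumerator() |
Where-Object { $Regulation -eq "All" -or $_.Key -eq $Regulation } |
ForEach-Object {
# @() forces an array so .Count is the number of requirements,
# not the key count of a single hashtable when only one item matches
$compliantCount = @($_.Value.Requirements | Where-Object { $_.Status -eq "Compliant" }).Count
$totalCount = @($_.Value.Requirements).Count
[PSCustomObject]@{
Regulation = $_.Value.Name
Compliant = $compliantCount
Total = $totalCount
Percentage = [math]::Round(($compliantCount / $totalCount) * 100, 0)
}
}
Write-Host "Regulatory Alignment Summary:" -ForegroundColor Green
# Write the table to the host so formatting objects are not mixed into the return value
$summary | Format-Table -AutoSize | Out-String | Write-Host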
return $summary
}
# ============================================================
# SECTION 3: Examination Ready Package Generator
# ============================================================
function New-ExaminationPackage {
param(
[Parameter(Mandatory=$true)]
[ValidateSet("FINRA", "SEC", "OCC", "State")]
[string]$Regulator,
[string]$OutputFolder = ".\ExamPackage"
)
Write-Host "Generating $Regulator Examination Ready Package..." -ForegroundColor Cyan
# Create output folder
New-Item -ItemType Directory -Path $OutputFolder -Force | Out-Null
# Define package contents by regulator
$packageContents = @{
"FINRA" = @{
"01-AI-Governance-Framework-Overview.pdf" = "Framework documentation"
"02-Agent-Inventory-Full-List.xlsx" = "Complete agent inventory"
"03-Supervisory-Procedures-WSP.pdf" = "Written Supervisory Procedures"
"04-Control-Status-Summary.pdf" = "Current control compliance status"
"05-Usage-Analytics-90-Days.xlsx" = "Agent usage data"
"06-Incident-Log.xlsx" = "Incident tracking log"
"07-Training-Completion-Records.xlsx" = "Staff training records"
"08-Policy-Documents/" = "All AI governance policies"
}
"SEC" = @{
"01-Records-Retention-Policy.pdf" = "17a-4 compliant retention policy"
"02-Agent-Interaction-Logs.xlsx" = "Customer interaction records"
"03-WORM-Storage-Certification.pdf" = "Storage compliance certification"
"04-Access-Control-Documentation.pdf" = "Access management evidence"
"05-Audit-Trail-Export.xlsx" = "Unified audit log export"
}
"OCC" = @{
"01-Third-Party-Risk-Assessment.pdf" = "Vendor risk documentation"
"02-Technology-Risk-Controls.pdf" = "IT control documentation"
"03-Business-Continuity-Plans.pdf" = "BCP documentation"
"04-Change-Management-Evidence.xlsx" = "Change control records"
"05-Security-Assessment-Results.pdf" = "Security testing evidence"
}
"State" = @{
"01-State-Licensing-Compliance.pdf" = "State-specific requirements"
"02-Consumer-Protection-Controls.pdf" = "Consumer protection evidence"
"03-Privacy-Policy-Compliance.pdf" = "Privacy documentation"
}
}
Write-Host "Package Contents for $Regulator Examination:" -ForegroundColor Yellow
$packageContents[$Regulator].GetEnumerator() | ForEach-Object {
Write-Host " - $($_.Key): $($_.Value)" -ForegroundColor Gray
}
# Create manifest
$manifest = @{
Regulator = $Regulator
GeneratedDate = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
GeneratedBy = (Get-MgContext).Account
Contents = $packageContents[$Regulator]
Instructions = "Upload all documents to secure examination portal within 48 hours of request"
}
$manifest | ConvertTo-Json -Depth 3 | Out-File "$OutputFolder\MANIFEST.json"
Write-Host "Package manifest created at: $OutputFolder\MANIFEST.json" -ForegroundColor Green
Write-Host "Populate the package folder with actual documents before submission." -ForegroundColor Yellow
return $manifest
}
# ============================================================
# SECTION 4: Archive Report to SharePoint
# ============================================================
function Save-ComplianceReportToSharePoint {
param(
[Parameter(Mandatory=$true)]
[string]$ReportPath,
[Parameter(Mandatory=$true)]
[string]$LibraryPath
)
Write-Host "Archiving report to SharePoint..." -ForegroundColor Cyan
$fileName = Split-Path $ReportPath -Leaf
try {
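# -ErrorAction Stop makes upload failures terminating so the catch block runs;
# Out-Null keeps the uploaded file object out of the function's return value
Add-PnPFile -Path $ReportPath -Folder $LibraryPath -ErrorAction Stop | Out-Null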
Write-Host "Report archived: $LibraryPath/$fileName" -ForegroundColor Green
# Apply retention label
# Set-PnPListItem -List $LibraryPath -Identity $fileName -Values @{ "_ComplianceTag" = "Regulatory-7Year" }
return $true
}
catch {
Write-Error "Failed to archive report: $_"
return $false
}
}
# ============================================================
# SECTION 5: Schedule Automated Reporting
# ============================================================
function Get-ComplianceReportSchedule {
$schedule = @{
Weekly = @{
Reports = @("Control Status Summary")
Day = "Monday"
Time = "06:00 AM"
Recipients = @("compliance-team@company.com")
}
Monthly = @{
Reports = @("Regulatory Alignment Report", "Executive Dashboard", "Trend Analysis")
Day = "1st of month"
Time = "07:00 AM"
Recipients = @("cco@company.com", "cio@company.com", "ciso@company.com")
ApprovalRequired = $true
}
Quarterly = @{
Reports = @("Audit Evidence Package", "Risk Assessment", "Control Effectiveness")
Day = "First week of quarter"
Time = "07:00 AM"
Recipients = @("cao@company.com", "external-audit@company.com")
ApprovalRequired = $true
}
}
Write-Host "Compliance Report Schedule:" -ForegroundColor Cyan
# Display the schedule on the host; only $schedule itself is returned
$schedule | ConvertTo-Json -Depth 3 | Write-Host
return $schedule
}
# ============================================================
# EXAMPLE USAGE
# ============================================================
Write-Host "=== Control 3.3: Compliance and Regulatory Reporting ===" -ForegroundColor Magenta
# Generate control status report
# New-ControlStatusReport -OutputPath ".\WeeklyComplianceReport.html" -ReportType "Weekly"
# Generate regulatory alignment report
# New-RegulatoryAlignmentReport -Regulation "All"
# Generate examination package
# New-ExaminationPackage -Regulator "FINRA" -OutputFolder ".\FINRA_Exam_Package"
# View report schedule
# Get-ComplianceReportSchedule
Write-Host "`nConfiguration script ready. Uncomment and run desired functions." -ForegroundColor Green
Financial Sector Considerations
Regulatory Requirements
| Regulation | Requirement | Report Type | Frequency |
|---|---|---|---|
| FINRA 4511 | Books and records documentation | Agent inventory, usage logs | Continuous |
| SEC 17a-3/4 | Customer interaction records | Interaction logs | Continuous |
| SOX 302 | Management certifications | Executive attestation | Quarterly |
| SOX 404 | Internal control documentation | Control status report | Annual |
| GLBA 501(b) | Safeguard effectiveness | Security control report | Annual |
| OCC 2011-12 | Third-party oversight | Vendor compliance report | Annual |
Zone-Specific Configuration
| Zone | Report Scope | Approval Level | Distribution |
|---|---|---|---|
| Zone 1 (Personal Productivity) | Summary metrics only | Team Lead | IT Operations |
| Zone 2 (Team Collaboration) | Department-level detail | Department Head | Business Unit |
| Zone 3 (Enterprise Managed) | Full compliance detail | CCO/CAO | Executive + Regulators |
FSI Example: Quarterly Regulatory Package
Q4 2024 Regulatory Compliance Package
├── Executive Summary
│ ├── Overall compliance score: 94%
│ ├── Controls assessed: 48
│ └── Remediation items: 3 (low severity)
│
├── Pillar Reports
│ ├── Pillar 1: Security Controls (95%)
│ ├── Pillar 2: Management Controls (92%)
│ ├── Pillar 3: Reporting Controls (96%)
│ └── Pillar 4: SharePoint Controls (94%)
│
├── Regulatory Alignment
│ ├── FINRA 4511: 100% compliant
│ ├── SEC 17a-4: 100% compliant
│ ├── SOX 404: 95% compliant
│ └── GLBA 501(b): 100% compliant
│
├── Evidence Attachments
│ ├── Audit log excerpts
│ ├── Policy documents
│ ├── Training records
│ └── Incident reports
│
└── Attestations
├── CCO sign-off: [Date]
├── CIO sign-off: [Date]
└── External auditor acknowledgment: [Date]
Verification & Testing
Verification Steps
- Report Generation
  - Execute weekly control status report
  - Verify all 48 controls appear with accurate status
  - Confirm pillar scores calculate correctly
- Distribution Workflow
  - Send test report to distribution list
  - Verify approval workflow triggers
  - Confirm archive to SharePoint succeeds
- Regulatory Alignment
  - Review control-to-regulation mapping
  - Verify evidence links are valid
  - Test examination package generation
- Dashboard Accuracy
  - Compare dashboard metrics to source data
  - Verify trend calculations are correct
  - Test drill-down functionality
Compliance Checklist
| Item | Required For | Status |
|---|---|---|
| Weekly control status reports | Internal governance | ☐ |
| Monthly executive dashboard | SOX 302/404 | ☐ |
| Quarterly audit packages | External audit | ☐ |
| Examination ready packages | FINRA/SEC/OCC | ☐ |
| 7-year report retention | FINRA 4511, SEC 17a-4 | ☐ |
| Executive sign-off workflow | SOX 302 | ☐ |
| Automated report generation | Operational efficiency | ☐ |
Troubleshooting & Validation
Issue: Compliance Manager Data Not Syncing
Symptoms: Assessment scores not reflecting current state
Resolution:
- Navigate to Compliance Manager → Settings
- Check data connector status
- Manually refresh assessment data
- Verify improvement actions are properly assigned
Issue: Report Distribution Fails
Symptoms: Recipients not receiving scheduled reports
Resolution:
- Check Power Automate flow run history
- Verify email addresses are correct
- Check for mail flow rules blocking
- Ensure service account has send permissions
Issue: SharePoint Archive Permission Denied
Symptoms: Reports fail to save to archive library
Resolution:
- Verify service account has Contribute permissions
- Check library isn't in read-only mode
- Ensure retention labels allow new content
- Test with manual upload first
Issue: Examination Package Incomplete
Symptoms: Missing documents in generated package
Resolution:
- Review MANIFEST.json for required documents
- Verify source document locations
- Check document permissions
- Validate content freshness dates
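The manifest review in the first resolution step can be scripted. The following is an added example, not part of the original control script: it reads the MANIFEST.json written by New-ExaminationPackage, reports each listed document as Present, Missing or Empty, and records a SHA-256 hash of every file it finds. The function name Test-ExaminationPackage and the demo package at the end are assumptions constructed for illustration.

```powershell
# Added example (not from the original script). Test-ExaminationPackage is a hypothetical name.
function Test-ExaminationPackage {
    param(
        [Parameter(Mandatory = $true)]
        [string]$PackageFolder
    )

    $manifestPath = Join-Path $PackageFolder 'MANIFEST.json'
    if (-not (Test-Path -LiteralPath $manifestPath -PathType Leaf)) {
        throw "No MANIFEST.json found in $PackageFolder"
    }
    $manifest = Get-Content -LiteralPath $manifestPath -Raw | ConvertFrom-Json

    # After ConvertFrom-Json, Contents is an object whose property names are the expected entries
    $results = foreach ($entry in $manifest.Contents.PSObject.Properties) {
        $itemPath = Join-Path $PackageFolder $entry.Name.TrimEnd('/')
        $state = 'Present'
        $hash = $null

        if ($entry.Name.EndsWith('/')) {
            # Folder entries such as "08-Policy-Documents/" must exist and hold at least one file
            if (-not (Test-Path -LiteralPath $itemPath -PathType Container)) {
                $state = 'Missing'
            }
            elseif (-not (Get-ChildItem -LiteralPath $itemPath -File -Recurse | Select-Object -First 1)) {
                $state = 'Empty'
            }
        }
        elseif (-not (Test-Path -LiteralPath $itemPath -PathType Leaf)) {
            $state = 'Missing'
        }
        elseif ((Get-Item -LiteralPath $itemPath).Length -eq 0) {
            $state = 'Empty'   # zero-byte placeholder, not real evidence
        }
        else {
            $hash = (Get-FileHash -LiteralPath $itemPath -Algorithm SHA256).Hash
        }

        [PSCustomObject]@{
            Item        = $entry.Name
            Description = $entry.Value
            State       = $state
            SHA256      = $hash
        }
    }

    # Anything in the folder that the manifest does not list should be reviewed before submission
    $expected = @($manifest.Contents.PSObject.Properties.Name | ForEach-Object { $_.TrimEnd('/') }) + 'MANIFEST.json'
    $unlisted = @(Get-ChildItem -LiteralPath $PackageFolder |
        Where-Object { $expected -notcontains $_.Name } |
        Select-Object -ExpandProperty Name)

    [PSCustomObject]@{
        Regulator = $manifest.Regulator
        Complete  = (@($results | Where-Object { $_.State -ne 'Present' }).Count -eq 0)
        Items     = @($results)
        Unlisted  = $unlisted
    }
}

# Constructed demo package: one real file, one zero-byte file, one file missing
$demo = Join-Path ([System.IO.Path]::GetTempPath()) ("ExamPackageDemo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
@{
    Regulator = 'SEC'
    Contents  = @{
        '01-Records-Retention-Policy.pdf' = '17a-4 compliant retention policy'
        '02-Agent-Interaction-Logs.xlsx'  = 'Customer interaction records'
        '05-Audit-Trail-Export.xlsx'      = 'Unified audit log export'
    }
} | ConvertTo-Json -Depth 3 | Out-File (Join-Path $demo 'MANIFEST.json')
Set-Content -Path (Join-Path $demo '01-Records-Retention-Policy.pdf') -Value 'constructed sample content'
New-Item -ItemType File -Path (Join-Path $demo '02-Agent-Interaction-Logs.xlsx') | Out-Null

$check = Test-ExaminationPackage -PackageFolder $demo
$check.Items | Format-Table Item, State, SHA256 -AutoSize
"Complete: $($check.Complete)"
Remove-Item -LiteralPath $demo -Recurse -Force
```

Storing the returned Items alongside the package gives a per-file hash record that can be compared against the archived copy later.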
Issue: Dashboard Performance Slow
Symptoms: Power BI dashboard takes long to load
Resolution:
- Implement incremental refresh
- Optimize data model relationships
- Reduce visual complexity
- Consider Premium capacity for large datasets
Additional Resources
- Microsoft Purview Compliance Manager
- Compliance Manager Assessments
- Power BI for Compliance Reporting
- SharePoint Records Management
- Power Automate Scheduled Flows
Related Controls
| Control | Relationship |
|---|---|
| 3.1 Agent Inventory | Provides agent data for reports |
| 3.2 Usage Analytics | Supplies usage metrics |
| 1.7 Audit Logging | Source of audit evidence |
| 2.13 Documentation | Archives reports |
| 2.12 Supervision | Uses reports for supervisory review |
Support & Questions
For implementation support or questions about this control, contact:
- AI Governance Lead (governance direction)
- Compliance Officer (regulatory requirements)
- Technical Implementation Team (platform setup)
Updated: Dec 2025
Version: v1.0 Beta (Dec 2025)
UI Verification Status: ❌ Needs verification