...
- Click Audits in the left-hand navigation to open the Audits page.
- Click Create new dropdown box.
Select Internal audit or External audit.
Tip title TIP Select External audit for the ability to export information to outside auditors. This allows external auditors to prepare a Document Request List (DRL). Select Internal audit when all assessors and verifiers are internal to your organization and don't need the exported information for preparing a DRL.
Tipinfo title TIPNOTE In this step, internal and external audits are the same, with the exception that external audits include two additional fields for auditors and audit firms outside your organization.
- Complete the following fields:
Audit title - Add a name for the audit. This is a required field.
Tip title TIP The audit title needs to be unique. The system prompts you to select another heading if there is a duplicate in the system. - Audit managers - This is the person who oversees this particular audit, and it defaults to the person creating the audit. If you are setting up an audit for someone else, set that person as Audit Manager. This is a required field.
- Related program - This is the framework for the audit. It is optional.
Set evidence destination folder - Select the storage area where evidence data will be placed.
Info title NOTE ZenGRC is the default storage space and is the preferred choice to store your audit data. For answers to your questions regarding this platform, please see ZenGRC Storage Security FAQs.
Info title NOTE For Google Drive integrations, please make sure to configure folder permissions so users can upload evidence. Please see the instructions on the Google Drive website.
Info title NOTE For Box integrations, there are additional steps to take prior to setting up an audit. Please see Box Storage Integration.
- The following fields only exist for an external audit:
- External auditors (optional) - Select ZenGRC users who need access to the visual display of an audit. If the person is outside your organzation, they need to be added as a user in the system for them to be displayed.
Audit firm (optional) - Enter the name of the audit organization.
Info title NOTE If your organization has configured ZenGRC to communicate with your Jira instance, you may have an additional selection in the first step. Please see Creating a Jira Audit.
Click Next. The page for defining the scope is displayed.
Tip title TIP When Next is clicked, the audit is created and is located in the Draft Audit tab. Info title NOTE Continue to the next section - Step 2: Defining the Scope.