Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Page Contents
Table of Contents | ||
---|---|---|
|
Live Search spaceKey ZenGRCOnboardingGuide additional none placeholder Search our site type page
Overview
This step defines the program/framework along with the controls you want to scope for the audit. You can remove irrelevant controls from the audit or create a custom audit from different combinations of programs, standards, and targetsaudits. It can be skipped by clicking any of the circled step numbers at the top or by clicking the Next button.
Tip | ||
---|---|---|
| ||
This step is the same for both internal and external audits. |
Image Added
Tip | ||
---|---|---|
| ||
If your System of Record is already set up with your programs, objectives, controls, and other objects mapped, it makes completing this step more efficient. |
Mapping Controls to the Audit
The goal of this step is to define which controls should be audited.
- This is the product, process, or system (or any other object within ZenGRC) to audit. This is optional.Tip | ||
---|---|---|
| ||
Making a selection in the Select audit target populates the Control column with the list of controls already scoped to the selection. |
Tip | ||
---|---|---|
| ||
If you select options in both the Select audit target and the Select program/standard dropdown menus, only controls mapped to both menus display. This is useful if you want to select a system or office location in the Select audit target and then select the program in the Select program/standard to test it against. |
Scoping Controls to an Audit
The page for defining the scope mapping requests to an audit is comprised of the following fields:
Select audit targetTo scope controls to an three columns as follows:
Available Audits – This is the current audit just created in Step 1. Info.
- Controls Mapped – This contains controls mapped to the audit. It will be blank on first page visit.
Available Controls – If you made a selection in the Related Program drop-down box on Step 1. Info, the controls in that framework or program are displayed here. If nothing is selected in the Related Program drop-down box, this column displays all controls in the instance.
Adding Controls
To map controls to the audit, complete the following steps:
Select an option in the Select audit target and/or the the Select program/standard dropdown menus.Image Removed
Select the check boxes next to the desired controls in the Controls column.
Tip | ||
---|---|---|
| ||
If a control you want to scope is not found in the audit target or the program/standard selected for this audit, you can still map it to this audit. See Finding Controls Outside the Audit Target or Program. |
Click Move to Scope. The selected controls display in the In-Scope Controls column.
Info | ||
---|---|---|
| ||
To scope all controls at once, please see Scoping All Controls to an Audit. |
To scope all controls to an audit, complete the following steps:
In the Controls column, click the Select all checkbox.Image Removed
Removing Controls from an Audit
To remove controlsYour audit is automatically selected in the Available Audits column.
Image AddedSelect a check box next to a control in the Available Controls column. This activates the Map Controls button.
Alternatively, select the Select All check box to choose all controls in the column.
Image AddedClick Map Controls. This activates the Map Controls button.
- The request moves to the Controls Mapped column and is now added to the audit.
- Continue until all appropriate controls are mapped to the audit.
Removing Controls
To remove controls from an audit, complete the following steps:
In the In-Scope Controls column, click the checkboxes next to the desired controls.Tip | ||
---|---|---|
| ||
There will only be controls in the In-Scope Controls column if they have previously been scoped to the audit. |
Removing All Controls from an Audit
To remove all controls from an audit- Select a check box next to a control in the Controls Mapped column. This activates the Unmap Controls button.
- Alternatively, select the Select All check box to choose all controls in the column.
- Click Unmap Controls.
Image Added - The control is removed from the audit and added to the Available Controls column.
Displaying Descriptions
To read descriptions of any control or request, complete the following steps:
In the In-Scope Controls column, click the Select all checkbox.Tip | ||
---|---|---|
| ||
There will only be controls in the In-Scope Controls column if they have previously been scoped to the audit. |
If there is a control you want to use that is not found in the audit target or the program/standard, you can still scope it to your audit.
To display a control mapped to a program other than the audit target- Select an item in any column.
- Click the Details link.
Image Added - The control or request opens in a new tab or window and displays all pertinent information.
Finding Controls Mapped to Other Objects
The mapper allows you to easily find and add controls in bulk that are associated with other ZenGRC items.
For example, you can easily map all controls in a few clicks that have already been assessed in a prior ZenGRC audit. This decreases time involved in searching for and mapping controls to an audit and ensures accuracy without manual comparison.
Displaying Controls
To open the dialog box that allows you to search for controls attached to any object, such as the last audit or another program, complete the following steps:
Select an option from either the Select Audit target or Select Program/Standard dropdown menus.Image Removed
Tip | ||
---|---|---|
| ||
If the Select Audit target or Select Program/Standard dropdown menus already have selections, you will need to remove them. |
Tip | ||
---|---|---|
| ||
Making a selection in both the Select Audit target or Select Program/Standard dropdown menus only displays controls mapped to both. |
Image Removed
Displaying Control Descriptions
Brief descriptions of controls are available within the Controls and the In-Scope Controls columns and can be accessed from this page.Tip | ||
---|---|---|
| ||
In order to display controls in the Controls column, you must make a selection in the Select audit target or the Select program/standard dropdown boxes. |
- Click the Controls link in the Available Controls heading.
Image Added Under Mapping relevance, select the item to which the controls you seek are mapped.
Image Added- This populates the Select object drop-down box where you can select an item, such as a past audit.
- Click Select. The dialog closes to display the mapper. If an audit is selected in Mapping relevance, all of the audit's controls display for you to add to the current audit. This ensures the past audit will be correctly replicated in the new audit.
Narrowing the Control Search
To add rules to help with searching, complete the following steps
- After making an initial selection n the Filters dialog box, click Add New Rule.
Image Added In the Relevant to column, click the drop-down to display an object, which then populates the second drop-down with related items.
Image Added- Click Select. The dialog closes to display the mapper.
Viewing all Controls
To clear all filters and display all controls in the application, complete the following steps:
- Hover over the desired control. The icon for information displays.
- Alternately, remove the mouse from the icon to remove the description.
- In the Filters dialog box, click Clear.
Image Added - Click Select. The dialog closes to display the mapper.
Image Removed
Hover over the icon to display the description.
Image Removed
Searching for Controls
The Controls and the In-Scope Controls columns are searchable. The search boxes are located directly below the column headings. Each search box only searches the information displayed within the column it resides.
Tip | ||
---|---|---|
| ||
The search within each column covers words in the titles as well as in descriptions displayed when you hover over the information icon for an individual control. |
To conduct a search, complete the following steps:
- Click inside the applicable Search box.
- Image Removed
Type any word associated with the desired topic. The system updates the column below the search box in real time.
Image Added - Alternately, to remove the search term, click the x to the right of the search box.
Completing the Step
To finish this step, complete the following:
Click Next. The Step 3. Requests page displays.
Info title NOTE Continue to the next section - Step 4: Generating Assessments3: Setting up Audit Requests.
Include Page | ||||
---|---|---|---|---|
|