Page Comparison

Overview

The first step in the audit setup creation is providing basic information. The After this step is completed by clicking Save, the setup can be paused for an indefinite amount of time after this step is completed and resumed when there is enough data to continuenecessary. 
Image Removed
Image Added

Creating the Audit

To create an audit, complete the following steps:

1. In the left-hand navigation, click the New button and select Audit (External) or Audit (Internal).
   Image Removed

   Tip
   title TIP
   Select External audit for the ability to export information to outside auditors. This allows external auditors to prepare a Document Request List (DRL). Select Internal audit when all assessors and verifiers are internal to your organization and don't need the exported information for preparing a DRL.

   Info
   title NOTE
   In this step, internal and external audits are the same, with the exception that external audits include two additional fields for auditors and audit firms outside your organization.

Adding Basic Information

Image Removed

1. button, then select Audit.
   
   Image Added

Adding General Info

On the first step, under General Info, complete the following fields:

1. Audit titleTitle - Add a name for This is the audit . This is name and a required field .
   

   Tip

   title	TIP

   The audit title

   that needs to be unique. The system prompts you to select another heading if there is a duplicate in

   the system

   your instance.

2. Audit managersManagers - These people oversee this particular audit, and it Only those in Administrator and Editor roles can be added. These users oversee the audit and get full access to all related requests and assessments. It defaults to the person creating the audit. If you are setting up an audit for someone else, set that person as Audit manager. The users added to this field can be the default selections for assessors and verifiers in the audit's assessments.
   
   

   Info
   title NOTE
   To see how users added to the Audit managersManagers field can be selected as assessors or verifiers for the audit's assessments, please see Setting up a Template in Step 4: Generating Assessments. Assessment.

   
   

3. Related programProgram - This is the framework for the audit. If a selection program is made, the controls mapped to the program are displayed in Step 2 - Defining the Scope. It is optionalchosen, it's mapped controls are then displayed for selection in Step 2. Scope. Making a selection also helps with reporting on a program's control efficiency. 
   
   

   Info
   title NOTE
   To add only controls that have been evaluated in a past audit, leave Related Program blank. For more information on how to re-evaluate controls from a past audit, please see

   
   

4. Audit Type - Select External audit to share information with outside auditors. Select Internal audit when all assessors and verifiers are internal to your organization.
   
   

   Info
   title NOTE
   For instances using the ZenGRC default storage, Google Drive storage, or customized Amazon Web Services (AWS) storage, you no longer select a the storage space for each audit , as it is now globally configured. For more information, please see Integrating Your Storage System. Those who connect to their own Box accounts are still able to select the Box folder designated for each audit's evidence upload. Please see the Box information within in Integrating Your Storage System.

   The following fields only exist for an external audit:
   
5. External auditors (optional) - Select ZenGRC users who need access to the visual display of an audit. Those outside your organization need to be added as a user in the application with Creator access.
Audit firm (optional)




6. Auditors - This field was created for those outside your organization who only need access to this individual audit. Only those in an Administrator, Editor or Contributor role can be added. For external auditors, add them to your instance in a Contributor role so they can be selected for this field.
7. Audit Firm - Enter the name of the external audit organization.
   Info

   title	NOTE

   If your organization has configured ZenGRC to communicate with your Jira instance, you may have an additional selection in the first step. Please see Creating a Jira Audit..

8. Click Additional information to display date selectors for time frames.
   
   Image Added
   
   

   1. Start Date - This is to show when the audit process is supposed to start. It does not affect functionality.

   2. Audited Period - This helps to understand the time scope of the audit. It does not affect functionality.
      
      Image Added

Determining Request Location

If your organization has Jira or ServiceNow integrations, the area under Requests has those options. If selected, the requests are managed in the respective applications. Selecting ZenGRC allows all management and location of requests to be done in your ZenGRC instance.

Image Added

Determining Evidence Location

ZenGRC allows multiple areas to be used for evidence storage. This setup can be done in Settings | Storage and is documented at Integrating Your Storage System.

Image Added

Finalizing the Step

1. Click Next. The page for defining the scope is displayed.
   
   

   Tip
   title TIP
   When you click Next, the audit is created and is located in the Draft Audit tab.

   
   

   Info
   title NOTE
   Continue to the next section - Step 2: Defining the Scope.