Versions Compared

Old Version 25

changes.mady.by.user Tristan Mohn

Saved on

compared with

New Version Current

changes.mady.by.user Victoria Buhler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Page Contents

Table of Contents
indent18px


Live Search
spaceKeyZenGRCOnboardingGuide
additionalnone
placeholderSearch our site
typepage

Overview

This step differs between external and internal audits.

For an external audit, this is the step to export data in a CSV file showing the relationship between the objectives and controls. The CSV file can then be sent to external auditors who use it to structure the Document Request List (DRL).

For an internal audit, this is the step to set up a template used for gathering information necessary for the type of internal audit being conducted.

External Audit - Exporting Audit Data

To export audit data for an external audit, complete the following steps:

Click Export Audit Data. The CSV file will open or download in the manner you've specified in your browser.
Image Removed
Click Close to pause the audit. This puts the audit in a draft state. Include PageDI:Note - Finding a Draft AuditDI:Note - Finding a Draft AuditImage Removed
  • Send the CSV file to your auditor who will then provide you with a Document Request List (DRL).
  • Once the DRL is received from the external auditors, resume audit set up with Step 4: Setting up Audit Requests.

  • Alternatively, click any of the circled step numbers at the top of the screen to continue with audit setup.

    • Audit Data

    The audit data is structured to show your external auditors how your organization's controls map to the objectives in your compliance program. It can also help them arrange an interview schedule with relevant control owners.
    The following are the column headings in the CSV file:
    • Control Code
    • Control Title
    • Control Description
    • Control Owner
    • Objective Code
    • Objective Title
    • Objective Description

    Image Removed

    Exporting Data After the Initial Export

    There may be several reasons for exporting a CSV file after it's been initially exported. Include PageDI:Note - Finding a Draft AuditDI:Note - Finding a Draft AuditTo generate another file with audit data, complete the following steps:Click the circled number or green check mark displayed at the top of the audit set up page.
    Tip
    titleTIP

    If the step has been completed, a green check mark displays instead of the step number.

    Image Removed
    Click Need to export audit data again?

    Image Removed

    Internal Audit - Setting Up an Assessment Template

    Tip
    titleTIP

    These are the fields that display for each control in an audit and are used to rate the control's effectiveness.

    Tip
    titleTIP

    All of the information in this step is optional. To bypass setting up assessors or verifiers, click Next to continue with the next step, or click any of the circled step numbers at the top.

    Image Removed
    To set up default assessors and verifiers in assessments, complete the following steps:Default assessors - This is the person conducting the testing and whose name is

    allows you to choose whether or not assessments will be generated as part of the audit. It also allows the selection of default assessors and verifiers on assessments, which are added to objects when the audit is activated.

    Image Added

    Generating Assessments

    To determine whether assessments will be created when the audit is activated, complete the following:

    1. Select the Yes radio button under Would you like to perform control assessments?
    2. Alternatively, select No to prevent their generation.

    Anchor
    assessmentTemplate
    assessmentTemplate
    Assigning Default Assessors and Verifiers

    Selections in this step add assessors and verifiers to the audit's assessments, which are automatically generated when the audit is activated.

    1. Default assessors - These are the users conducting the testing and whose names are placed in the Assessor field of the assessments that will be generated when the audit is activated.
      Image Removed

      Image Added

      Depending on the selection,  the Default assessors pulls names information from the following fields in ZenGRCand adds them to the Assessors field of the audit's assessments
      1. Selecting Control owner pulls  uses names in names from the Owner field for of the control being assessed.
      2. Selecting Audit managers pulls in managers uses names added to the same field in Step 1 the first step of audit setup. The , which is where the following screenshot is from Step 1 and displays the audit manager.
        Image Removedis taken. If there is more than one name in this field, all are added to the Assessors field in the assessment.

        Image Added

      3. Selecting Primary Contact selects the person listed in the  pulls from the Primary contact field of the control being assessed.
      4. Selecting Secondary Contact selects the person listed in the  pulls from the Secondary contact field of the control being assessed.Selecting Other leaves the Assessor field blank for all assessments generated.

    2. Default verifiers - This is the person reviewing evidence supplied and whose name is placed in the  These are the users conducting the testing and whose names are placed in the Verifier field of the assessments.
       


      Depending on the selection, Default verifiers pulls names pulls information from the following fields in ZenGRC and adds them to the Verifiers field of the audit's assessments

      1. Selecting Audit managers pulls in uses names added to the same field in Step 1 of audit setup.
      2. Selecting Other leaves the Verifier field blank for all assessments generated.

      3. Selecting None leaves the Verifier field blank for all assessments generated.
          

    3. Click Next to complete the step.

      Info
      titleNOTE
      Continue to the next section - Step
      4: Setting up Audit Requests
      5: Reviewing and Starting the Audit.



    Include Page
    di:RH Navigation
    di:RH Navigation