Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

...


Live Search
spaceKeyZenGRCOnboardingGuide
additionalnone
placeholderSearch our site
typepage

Overview


The first step in audit creation is providing basic information. After this step is completed by clicking Save, the setup can be paused for an indefinite amount of time

...

and resumed when

...

necessary

Image Added

...

Creating the Audit


To

...

create an audit, complete the following steps:

...

  1. In the left-hand navigation

...

  1. , click the New button, then select Audit.

...

Tip
titleTIP

Select External audit for the ability to export information to outside auditors. This allows external auditors to prepare a Document Request List (DRL). Select Internal audit when all assessors and verifiers are internal to your organization and don't need the exported information for preparing a DRL. 

Info
titleNOTE

In this step, internal and external audits are the same, with the exception that external audits include two additional fields for auditors and audit firms outside your organization.

...


  1. Image Added

Adding General Info


On the 1. Info step, under General Info, complete the following fields:

  1. Audit

...

  1. Title -

...

  1. This is the audit

...

  1. name and a required field

...

titleTIP

...

  1. that needs to be unique. The system prompts you to select another heading if there is a duplicate in

...

  1. your instance.

  2. Audit

...

  1. Manager - This

...

  1. can be a powerful field. Only those in Administrator, Editor and Contributor roles can be added. These users oversee the audit and get full access to all related requests and assessments. It defaults to the person creating the audit.

...



  1. Info
    titleNOTE

    To see how users added to the Audit Manager field can be selected as assessors or verifiers for the audit's assessments, please see Step 4: Generating Assessments.


  2. Related Program - This is the framework for the audit.

...

  1. If a program is chosen, it's mapped controls are then displayed for selection in Step 2. Scope. Making a selection also helps with reporting on a program's control efficiency. 

    Info
    titleNOTE

...

  1. To add only controls that have been evaluated in a past audit, leave Related Program blank. For more information on how to re-evaluate controls from a past audit, please see Step 2: Defining the Scope.


  2. Audit Type - Select External audit to share information with outside auditors. Select Internal audit when all assessors and verifiers are internal to your organization.

    Info
    titleNOTE

    For instances using the ZenGRC default storage, Google Drive storage, or customized Amazon Web Services (AWS) storage, the storage space for each audit

...

  1. is

...

  1. globally configured. For more information, please see Integrating Your Storage System.

...

  1. Those who connect to their own Box accounts are able to select the Box folder designated for each audit's evidence upload. Please see the Box information in Integrating Your Storage System.


  2. Auditors - This field was created for those outside your organization who only need access to this individual audit. Only those in an Administrator, Editor or Contributor role can be added. For external auditors, add them to your instance in a Contributor role so they can be selected for this field.
  3. Audit Firm - Enter the name of the external audit organization.
  4. Click Additional information to display date selectors for time frames.

...



  1. Image Added

    1. Start Date - This is to show when the audit process is supposed to start. It does not affect functionality.

    2. Audited Period - This helps to understand the time scope of the audit. It does not affect functionality.

      Image Added

Determining Request Location


If your organization

...

has Jira or ServiceNow integrations, the area under Requests has those options. If selected, the requests are managed in the respective applications. Selecting ZenGRC allows all management and location of requests to be done in your ZenGRC instance.

Image Added

Determining Evidence Location


ZenGRC allows multiple areas to be used for evidence storage. This setup can be done in Settings | Storage and is documented at Integrating Your Storage System.

Image Added

Finalizing the Step


  1. Click Next. The page for defining the scope is displayed.

    Tip
    titleTIP
    When you click Next, the audit is created and is located in the Draft Audit tab. 


    Info
    titleNOTE
    Continue to the next section - Step 2: Defining the Scope.