Versions Compared

Old Version 33

changes.mady.by.user Tristan Mohn

Saved on

compared with

New Version Current

changes.mady.by.user Victoria Buhler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Page Contents

Table of Contents
indent18px


Live Search
spaceKeyZenGRCOnboardingGuide
additionalnone
placeholderSearch our site
typepage

Overview

This step defines the program/framework along with the controls you want to scope for the audit. You can remove irrelevant controls from the audit or create a custom audit from using different combinations of programs, standards, and targetsauditsIt can be skipped by clicking any of the circled step numbers at the top or by clicking the Next button.

Tip
titleTIP

This step is the same for both internal and external audits.

Image Removed


Image Added

Tip
titleTIP

If your System of Record is already set up with your programs, objectives, controls, and other objects are already mapped, it makes completing this step more efficient. 

Intro to the Scope Page

Mapping Controls to the Audit

The goal of this step is to define which controls should be audited. 

 - This is the product, process, or system (or any other object within ZenGRC) to audit. This is optional. 
Tip
titleTIP

Making a selection in the Select audit target populates the Control column with the list of controls already scoped to the selection.

Select program/standard - This contains the desired framework/program for the audit. This is optional.
Tip
titleTIP

If you select options in both the Select audit target and the Select program/standard dropdown menus, only controls mapped to both menus display. This is useful if you want to select a system or office location in the Select audit target and then select the program in the Select program/standard to test it against.

  • Audited period (optional) - When you are auditing a specific time period, such as a fiscal year, use these date fields to set the beginning and end date.

    • Scoping Controls to an Audit

    The page for defining the scope mapping requests to an audit is comprised of the following fields:

    Select audit target

    To scope controls to an three columns as follows:

    • Available Audits – This is the current audit just created in Step 1. Info

    • Controls Mapped – This contains controls mapped to the audit. It will be blank on first page visit.

    • Available Controls – If you made a selection in the Related Program drop-down box on Step 1. Info, the controls in that framework or program are displayed here. If nothing is selected in the Related Program drop-down box, this column displays all controls in the instance.

    Adding Controls

    To map controls to the audit, complete the following steps:

    Select an option in the Select audit target and/or the the Select program/standard dropdown menus.
    Image Removed
    Select the check boxes next to the desired controls in the Controls column
    Tip
    titleTIP

    If a control you want to scope is not found in the audit target or the program/standard selected for this audit, you can still map it to this audit. See Finding Controls Outside the Audit Target or Program.

    Image Removed
    Click Move to Scope. The selected controls display in the In-Scope Controls column.
    Info
    titleNOTE
    To scope all controls at once, please see Scoping All Controls to an Audit.
    Image Removed
  • Click Next to continue to Step 4: Generating Assessments.
    • AnchorscopingallcontrolsscopingallcontrolsScoping All Controls to an Audit

    To scope all controls to an audit, complete the following steps:

    In the Controls column, click the Select all checkbox.
    Image Removed
  • Click Move to Scope. The selected controls display in the In-Scope Controls column.

    • Removing Controls from an Audit

    To remove controls

    1. Your audit is automatically selected in the Available Audits column. 

      Image Added

    2. Select a check box next to a control in the Available Controls column. This activates the Map Controls button.

    3. Alternatively, select the Select All check box to choose all controls in the column.

      Image Added

    4. Click Map Controls. This activates the Map Controls button.

    5. The request moves to the Controls Mapped column and is now added to the audit.
    6. Continue until all appropriate controls are mapped to the audit.

    Removing Controls

    To remove controls from an audit, complete the following steps:

    In the In-Scope Controls column, click the checkboxes next to the desired controls.
    Tip
    titleTIP

    There will only be controls in the In-Scope Controls column if they have previously been scoped to the audit. 

    Image Removed
  • Click Remove from Scope. The selected controls display in the Controls column and are no longer in scope for the audit.

    • Removing All Controls from an Audit

    To remove all controls from an audit
    1. Select a check box next to a control in the Controls Mapped column. This activates the Unmap Controls button.
    2. Alternatively, select the Select All check box to choose all controls in the column.
    3. Click Unmap Controls.

      Image Added

    4. The control is removed from the audit and added to the Available Controls column.

    Displaying Descriptions

    To read descriptions of any control or request, complete the following steps:

    In the In-Scope Controls column, click the Select all checkbox.
    Tip
    titleTIP

    There will only be controls in the In-Scope Controls column if they have previously been scoped to the audit. 

    Image Removed
  • Click Remove from Scope. The selected controls display in the Controls column and are no longer in scope for the audit.
    • AnchorFindingControlsOutsidetheAuditTargetorProgramFindingControlsOutsidetheAuditTargetorProgramFinding Controls Outside the Audit Target or Program

    If there is a control you want to use that is not found in the audit target or the program/standard, you can still scope it to your audit.

    To display a control mapped to a program other than the audit target
    1. Select an item in any column.
    2. Click the Details link. 

      Image Added

    3. The control or request opens in a new tab or window and displays all pertinent information.

    Finding Controls Mapped to Other Objects

    The mapper allows you to easily find and add controls in bulk that are associated with other ZenGRC items.

    For example, you can easily map all controls in a few clicks that have already been assessed in a prior ZenGRC audit. This decreases time involved in searching for and mapping controls to an audit and ensures accuracy without manual comparison.

    Displaying Controls

    To open the dialog box that allows you to search for controls attached to an object, such as the last audit or another program, complete the following steps:

    Select an option from either the Select Audit target or Select Program/Standard dropdown menus.
    Image Removed
     
    Tip
    titleTIP

    If the Select Audit target or Select Program/Standard dropdown menus already have selections, you will need to remove them.

    Tip
    titleTIP

    Making a selection in both the Select Audit target or Select Program/Standard dropdown menus only displays controls mapped to both.

    Find the desired control and click the check box to select it.
    Image Removed
  • Click Move to Scope.
  • After the control is scoped, remove the selection from the dropdown and select your prior choices in the dropdown menus.

    • Displaying Control Descriptions

    Brief descriptions of controls are available within the Controls and the In-Scope Controls columns and can be accessed from this page.
    Tip
    titleTIP

    In order to display controls in the Controls column, you must make a selection in the Select audit target or the Select program/standard dropdown boxes.

    To see a description of a control
    1. Click the Filters in the Available Controls heading.

      Image Added

    2. Under Mapping relevance, select the item to which the controls you seek are mapped.

    3. This populates the Select object drop-down box where you can select an item, such as a past audit.

      Image Added

    4. Click Select. The dialog closes to display the mapper. If an audit is selected in Mapping relevance, all of the audit's controls display for you to add to the current audit. This ensures the past audit will be correctly replicated in the new audit.

    Narrowing the Control Search

    To add rules to help with searching, complete the following steps

    1. After making an initial selection n the Filters dialog box, click Add New Rule.

      Image Added

    2. In the Relevant to column, click the drop-down to display an object, which then populates the second drop-down with related items.

      Image Added

    3. Click Select. The dialog closes to display the mapper.

    Viewing all Controls

    To clear all filters and display all controls in the application, complete the following steps:

      Hover over the desired control. The icon for information displays.
      Image Removed
      Hover over the icon to display the description.
      Image Removed
    1. Alternately, remove the mouse from the icon to remove the description.
    2. In the Filters dialog box, click Clear.

      Image Added

    3. Click Select. The dialog closes to display the mapper.

    Searching for Controls

    The Controls and the In-Scope Controls columns are searchable. The search boxes are located directly below the column headings. Each search box only searches the information displayed within the column it resides.

    Tip
    titleTIP

    The search within each column only covers words in the titles as well as in descriptions displayed when you hover over the information icon for an individual control.


    To conduct a search, complete the following steps:

    1. Click inside the applicable Search box.
    2. Image Removed
      Type any word associated with the desired topictitle. The system updates the column below the search box in real time.

      Image Added

    3. Alternately, to remove the search term, click the x to the right of the search box.

    Completing the Step

    To finish this step, complete the following:

    1. Click Next. The Step 3. Requests page displays.

      Info
      titleNOTE
      Continue to the next section - Step 4: Generating Assessments3: Setting up Audit Requests.



    Include Page
    di:RH Navigation
    di:RH Navigation