Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Live Search
spaceKeyZenGRCOnboardingGuide
additionalnone
placeholderSearch our site
typepage

Overview


The first step in the audit setup creation is providing basic information. The After this step is completed by clicking Save, the setup can be paused for an indefinite amount of time after this step is completed and resumed when there is enough data to continuenecessary
Image Removed
Image Added

Creating the Audit


To begin the creation of create an audit, complete the following steps:

  1. Click Audits in In the left-hand navigation to open the Audits page.
    Image Removed
    Click Create new dropdown box.
    Image Removed
    Select Internal audit or External audit.
    Tip
    titleTIP

    Select External audit for the ability to export information to outside auditors. This allows external auditors to prepare a Document Request List (DRL). Select Internal audit when all assessors and verifiers are internal to your organization and don't need the exported information for preparing a DRL. 

    Info
    titleNOTE

    In this step, internal and external audits are the same, with the exception that external audits include two additional fields for auditors and audit firms outside your organization.

Adding Basic Information

Image Removed

On the first step,
  1. , click the New button, then select Audit.

    Image Added

Adding General Info


On the 1. Info step, under General Info, complete the following fields:

  1. Audit titleTitle - Add a name for This is the audit . This is name and a required field .

    Tip
    titleTIP
    The audit title

    that needs to be unique. The system prompts you to select another heading if there is a duplicate in

    the system

    your instance.

  2. Audit

    managers

    Manager - This

    is the person who oversees this particular audit, and it

    can be a powerful field. Only those in Administrator, Editor and Contributor roles can be added. These users oversee the audit and get full access to all related requests and assessments. It defaults to the person creating the audit.

    If you are setting up an audit for someone else, set that person as Audit manager. This is a required field.

    Related program

    Info
    titleNOTE

    To see how users added to the Audit Manager field can be selected as assessors or verifiers for the audit's assessments, please see Step 4: Generating Assessments.


  3. Related Program - This is the framework for the audit. It is optionalIf a program is chosen, it's mapped controls are then displayed for selection in Step 2. Scope. Making a selection also helps with reporting on a program's control efficiency. 

    Info
    titleNOTE

    To add only controls that have been evaluated in a past audit, leave Related Program blank. For more information on how to re-evaluate controls from a past audit, please see Step 2: Defining the Scope.


  4. Audit Type - Select External audit to share information with outside auditors. Select Internal audit when all assessors and verifiers are internal to your organization.

    Info
    titleNOTE

    For instances using the ZenGRC default storage, Google Drive storage, or customized Amazon Web Services (AWS) storage, you no longer select a the storage space for each audit , as it is now globally configured. For more information, please see Integrating Your Storage System. Those who connect to their own Box accounts are still able to select the Box folder designated for each audit's evidence upload. Please see the Box information within in Integrating Your Storage System.

    The following fields only exist for an external audit:
  5. External auditors (optional) - Select ZenGRC users who need access to the visual display of an audit. If the person is outside your organization, they need to be added as a user in the system in order to be displayed.
  6. Audit firm (optional)


  7. Auditors - This field was created for those outside your organization who only need access to this individual audit. Only those in an Administrator, Editor or Contributor role can be added. For external auditors, add them to your instance in a Contributor role so they can be selected for this field.
  8. Audit Firm - Enter the name of the external audit organization.
  9. InfotitleNOTE

    Click Additional information to display date selectors for time frames.

    Image Added

    1. Start Date - This is to show when the audit process is supposed to start. It does not affect functionality.

    2. Audited Period - This helps to understand the time scope of the audit. It does not affect functionality.

      Image Added

Determining Request Location


If your organization has

configured ZenGRC to communicate with your Jira instance, you may have an additional selection in the first step. Please see Creating a Jira Audit. Info
titleNOTE
If your organization has configured ZenGRC to communicate with ServiceNow, you may have an additional selection in the first step. Please see ServiceNow Integration.

Jira or ServiceNow integrations, the area under Requests has those options. If selected, the requests are managed in the respective applications. Selecting ZenGRC allows all management and location of requests to be done in your ZenGRC instance.

Image Added

Determining Evidence Location


ZenGRC allows multiple areas to be used for evidence storage. This setup can be done in Settings | Storage and is documented at Integrating Your Storage System.

Image Added

Finalizing the Step


  1. Click Next. The page for defining the scope is displayed.

    Tip
    titleTIP
    When you click Next, the audit is created and is located in the Draft Audit tab. 


    Info
    titleNOTE
    Continue to the next section - Step 2: Defining the Scope.