Overview
This is the initial step in the audit setup and contains basic information. The setup can be paused for an indefinite time after this step and resumed when there is enough data to continue.
To begin the creation of an audit, complete the following steps:
- Click Audits in the left-hand navigation to open the Audits page.
- Click Create new dropdown box.
Select Internal audit or External audit.
TIP
Select External audit for the ability to export information to outside auditors. This allows external auditors to prepare a Document Request List (DRL). Select Internal audit when all assessors and verifiers are internal to your organization and don't need the exported information for preparing a DRL.
NOTE
In this step, internal and external audits are the same, with the exception that external audits include two additional fields for auditors and audit firms outside your organization.
- Complete the following fields:
Audit title - Add a name for the audit. This is a required field.
TIP
The audit title needs to be unique. The system prompts you to select another heading if there is a duplicate in the system.- Audit managers - This is the person who oversees this particular audit, and it defaults to the person creating the audit. If you are setting up an audit for someone else, set that person as Audit Manager. This is a required field.
- Related program - This is the framework for the audit. It is optional.
Set evidence destination folder - Select the storage area where evidence data will be placed.
NOTE
ZenGRC is the default storage space and is the preferred choice to store your audit data. For answers to your questions regarding this platform, please see ZenGRC Storage Security FAQs.
NOTE
For Google Drive integrations, please make sure to configure folder permissions so users can upload evidence. Please see the instructions on the Google Drive website.
NOTE
For Box integrations, there are additional steps to take prior to setting up an audit. Please see Box Storage Integration.
- The following fields only exist for an external audit:
- External auditors (optional) - Select ZenGRC users who need access to the visual display of an audit. If the person is outside your organzation, they need to be added as a user in the system for them to be displayed.
Audit firm (optional) - Enter the name of the audit organization.
NOTE
If your organization has configured ZenGRC to communicate with your Jira instance, you may have an additional selection in the first step. Please see Creating a Jira Audit.
Click Next. The page for defining the scope is displayed.
TIP
When Next is clicked, the audit is created and is located in the Draft Audit tab.NOTE
Continue to the next section - Step 2: Defining the Scope.