Benefits
ZenGRC addresses hardships surrounding audits and enables compliance teams to efficiently manage and report the results. Utilizing the application for audits fulfills three main functions:
Visibility into audit progress - How close is the team to completing audit-related assignments?
- Clarity on audit issues - What's broken? How can it be fixed, and what's the status?
- Exposure of compliance posture - How effective are my controls?
IMPORTANT
It is critical that your organization has already set up your compliance program framework in ZenGRC and has set it up in the Program Onboarding wizard prior to conducting an audit. This allows you to select controls in an audit that are important to your organization and then gather evidence to verify their effectiveness. For more information, contact us at support@reciprocitylabs.com.
Overview
The Audits module allows for the following activities:
- Import or create evidence requests - Easily import requests with personnel assignments who are to supply evidence of control effectiveness.
- Evidence collection - Managing a Document Request List (DRL) is an extensive project management endeavor for external audits. ZenGRC allows you to import a DRL from your auditor, so you can collect, verify/decline evidence, and escalate the request if no action is taken.
- Testing and concluding on the effectiveness of controls - Once evidence is submitted, it's straightforward to determine whether your controls are operating effectively.
- Issue management - Internal and external auditors often discover gaps, findings, and issues. ZenGRC allows you to set up workflows so you can remediate them and keep track of the process.
- Reporting - ZenGRC allows you to export all data surrounding the audit progress.
- Add or remove headings that better serve your organization's needs.
TIP
For additional information regarding ZenGRC audit structure and process flow, see ZenGRC Diagrams.
NOTE
Different Audit Views
There are two different Audits page displays: the Audits visual display, and the Audits list view.
NOTE
The screenshot below illustrates the Audits visual display page.
NOTE
The screenshot below illustrates the Audits list view page. This is primarily for administrators.
Opening Audits Visual Display
This Audits page provides a more visual representation of your audits, with graphs and metrics surrounding control effectiveness, returned requests, and the status of issues. All of your information is a click away with easy-to-understand visuals of an audit's progression.
To access the Audits visual display page, complete the following steps:
- Click Audits in the left-hand navigation.
- The Audits page displays with graphs and metrics.
NOTE
Opening an Audit Summary Page
The Audit summary page looks similar to the display on the Audits home page with the exception that opening an individual audit has additional headings and is the only audit on the page.
To access the Audit summary page, complete the following steps:
Scroll to the audit and click the name.
Alternatively, click the arrow beside the All Audits dropdown and select the desired audit.
The Audit summary page displays for the selected audit.
NOTE
Much editing for an audit can be done on the Audit summary page and is documented in Managing an Audit.
Opening the Audits List View Page
This Audits page list view enables you to perform multiple activities directly on the page without clicking into an individual item. All audits, whether they are active, complete, or draft, are displayed together and can be sorted by the user.
NOTE
This view is for administrators who may be managing multiple audits at once.
To access the list view of audits in the system, complete the following steps:
- Select System of Record | Audits (under the Audit Management heading) in the left-hand navigation.
The Audits list view page displays with line items of all audits in the application.
NOTE
For general instructions on how to edit and manage audits directly from the list view, see Navigating, Editing and Bulk Actions.
NOTE
Continue to the next section - Creating an Audit.