Step 3: Exporting Audit Data or Setting up a Template

Overview

This step differs between external and internal audits.

For an external audit, this is the step to export data in a CSV file showing the relationship between the objectives and controls. The CSV file can then be sent to external auditors who use it to structure the Document Request List (DRL).

For an internal audit, this is the step to set up a template used for gathering information necessary for the type of internal audit being conducted.

External Audit - Exporting Audit Data

To export audit data for an external audit, complete the following steps:

1. Click Export Audit Data. The CSV file will open or download in the manner you've specified in your browser.
   
   
   
   

2. Click Close to pause the audit. This puts the audit in a draft state.

   NOTE

   To locate a draft audit, please see Finding Draft Audits.

   
   
   

3. Send the CSV file to your auditor who will then provide you with a Document Request List (DRL).
4. Once the DRL is received from the external auditors, resume audit set up with Step 4: Setting up Audit Requests.

5. Alternatively, click any of the circled step numbers at the top of the screen to continue with audit setup.

Audit Data

The audit data is structured to show your external auditors how your organization's controls map to the objectives in your compliance program. It can also help them arrange an interview schedule with relevant control owners.

The following are the column headings in the CSV file:

• Control Code
• Control Title
• Control Description
• Control Owner
• Objective Code
• Objective Title
• Objective Description

Exporting Data After the Initial Export

There may be several reasons for exporting a CSV file after it's been initially exported.

1. Click the circled number or green check mark displayed at the top of the audit set up page.
   
   

   TIP

   If the step has been completed, a green check mark displays instead of the step number.

   
   
   
   

2. Click Need to export audit data again?
   
   

Internal Audit - Setting Up an Assessment Template

To set up default assessors and verifiers in assessments, complete the following steps:

1. Default assessors - This is the person conducting the testing and whose name is placed in the Assessor field of the assessments that will be generated when the audit is activated.
   
   
   
   Depending on the selection, Default assessors pulls names from the following fields in ZenGRC: 
   1. Selecting Control owner pulls in names from the Owner field for the control being assessed.
   2. Selecting Audit managers pulls in names added to the same field in Step 1 of audit setup. The following screenshot is from Step 1 and displays the audit manager.
      
      
      
      
   3. Selecting Primary Contact selects the person listed in the Primary contact field of the control being assessed.
   4. Selecting Secondary Contact selects the person listed in the Secondary contact field of the control being assessed.
   5. Selecting Other leaves the Assessor field blank for all assessments generated.

2. Default verifiers - This is the person reviewing evidence supplied and whose name is placed in the Verifier field of the assessments.
    
   
   
   Depending on the selection, Default verifiers pulls names from the following fields in ZenGRC: 

   1. Selecting Audit managers pulls in names added to the same field in Step 1 of audit setup.
   2. Selecting Other leaves the Verifier field blank for all assessments generated.

   3. Selecting None leaves the Verifier field blank for all assessments generated.
       

      NOTE

      Continue to the next section - Step 4: Setting up Audit Requests.