Introduction to Audits

Benefits

ZenGRC addresses hardships surrounding audits and enables compliance teams to efficiently manage and report the results. Utilizing the application for audits fulfills three main functions:

• Visibility into audit progress - How close is the team to completing audit-related assignments?
• Clarity on audit issues - What's broken? How can it be fixed, and what's the status?
• Exposure of compliance posture - How effective are my controls? 

Overview

The Audits module allows for the following activities:

• Import or create evidence requests - Easily import requests with personnel assignments who are to supply evidence of control effectiveness.
• Evidence collection - Managing a Document Request List (DRL) is an extensive project management endeavor for external audits. ZenGRC allows you to import a DRL from your auditor, so you can collect, verify/decline evidence, and escalate the request if no action is taken.
• Testing and concluding on the effectiveness of controls - Once evidence is submitted, it's straightforward to determine whether your controls are operating effectively.
• Issue management - Internal and external auditors often discover gaps, findings, and issues. ZenGRC allows you to set up workflows so you can remediate them and keep track of the process.
• Reporting - ZenGRC allows you to export all data surrounding the audit progress.
• Add or remove headings - Make selections to instantly display information that better serve your organization's needs.
  
  

Accessing Audits

This Audits page provides a more visual representation of your audits, with graphs and metrics surrounding control effectiveness, completed requests, and issue statuses. All your information is a click away with easy-to-understand visuals of an audit's progression.

To access Audits, complete the following steps:

1. Click Audits in the left-hand navigation.
   
   
   
   

2. The Audits page displays all active audits with graphs and metrics.
   
   
   
   

   NOTE

   To locate a draft audit, please see Finding Draft Audits.

The Audits Summary Page

The Audits summary page displays after opening an individual audit from the Audits module. It looks similar to the display on the main Audits page with the exception that it has additional headings and is the only audit on the page.

To access the Audits summary page, complete the following steps:

1. Scroll to the audit and click the name.

2. Alternatively, click the arrow beside the All Audits dropdown and select the desired audit.

3. The Audit summary page displays for the selected audit.
   
   
   
   

   NOTE

   Editing an audit can be done on the Audits summary page and is documented in Managing Audits.

Accessing the Audits System of Record Page

The System of Record provides a list view of all audits, which enables you to perform multiple activities directly on the page without clicking into an individual item. All audits, whether they are active, complete, or draft, are displayed together and can be sorted by the user.

To access the list view of audits in the system, complete the following steps:

1. Click System of Record | Audits (under the Audit Management heading) in the left-hand navigation.
   
   
   
   

2. The Audits System of Record page displays with line items of all audits in the application.
   
   
   

3. Clicking a linked audit opens the item on the Details page.
   
   

   NOTE

   For instructions on how to edit and manage audits from the System of Record page, please see Fundamentals of Navigating and Editing and System of Record List Views.

   NOTE

   Continue to the next section - Understanding Audit Workflow Roles.