Step 1: Adding Basic Audit Information


Overview


The first step in audit creation is providing basic information. After this step is completed by clicking Save, the setup can be paused for an indefinite amount of time and resumed when necessary. 


Creating the Audit


To create an audit, complete the following steps:

  1. In the left-hand navigation, click the New button, then select Audit.

Adding General Info


On the 1. Info step, under General Info, complete the following fields:

  1. Audit Title - This is the audit name and a required field that needs to be unique. The system prompts you to select another heading if there is a duplicate in your instance.

  2. Audit Manager - This can be a powerful field. Only those in Administrator, Editor and Contributor roles can be added. These users oversee the audit and get full access to all related requests and assessments. It defaults to the person creating the audit.

    NOTE

    To see how users added to the Audit Manager field can be selected as assessors or verifiers for the audit's assessments, please see Step 4: Generating Assessments.

  3. Related Program - This is the framework for the audit. If a program is chosen, it's mapped controls are then displayed for selection in Step 2. Scope. Making a selection also helps with reporting on a program's control efficiency. 

    NOTE

    To add only controls that have been evaluated in a past audit, leave Related Program blank. For more information on how to re-evaluate controls from a past audit, please see Step 2: Defining the Scope.


  4. Audit Type - Select External audit to share information with outside auditors. Select Internal audit when all assessors and verifiers are internal to your organization.

    NOTE

    For instances using the ZenGRC default storage, Google Drive storage, or customized Amazon Web Services (AWS) storage, the storage space for each audit is globally configured. For more information, please see Integrating Your Storage System. Those who connect to their own Box accounts are able to select the Box folder designated for each audit's evidence upload. Please see the Box information in Integrating Your Storage System.

  5. Auditors - This field was created for those outside your organization who only need access to this individual audit. Only those in an Administrator, Editor or Contributor role can be added. For external auditors, add them to your instance in a Contributor role so they can be selected for this field.
  6. Audit Firm - Enter the name of the external audit organization.
  7. Click Additional information to display date selectors for time frames.



    1. Start Date - This is to show when the audit process is supposed to start. It does not affect functionality.

    2. Audited Period - This helps to understand the time scope of the audit. It does not affect functionality.

Determining Request Location


If your organization has Jira or ServiceNow integrations, the area under Requests has those options. If selected, the requests are managed in the respective applications. Selecting ZenGRC allows all management and location of requests to be done in your ZenGRC instance.

Determining Evidence Location


ZenGRC allows multiple areas to be used for evidence storage. This setup can be done in Settings | Storage and is documented at Integrating Your Storage System.

Finalizing the Step


  1. Click Next. The page for defining the scope is displayed.

    TIP

    When you click Next, the audit is created and is located in the Draft Audit tab. 

    NOTE

    Continue to the next section - Step 2: Defining the Scope.

© 2021 Copyright Reciprocity, Inc.
https://reciprocity.com