Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 18 Next »

Overview


This step differs between external and internal audits.

For an external audit, this is the step to export data in a CSV file showing the relationship between the objectives and controls. The CSV file can then be sent to external auditors who use it to structure the Document Request List (DRL).

For an internal audit, this is the step to set up a template used for gathering information necessary for the type of internal audit being conducted.

External Audit - Exporting Audit Data


To export audit data for an external audit, complete the following steps:

  1. Click Export Audit Data. The CSV file will open or download in the manner you've specified in your browser.



  2. Click Close to pause the audit. This puts the audit in a draft state.

    NOTE

    To locate a draft audit, please see Finding Draft Audits.




  3. Send the CSV file to your auditor who will then provide you with a Document Request List (DRL).
  4. Once the DRL is received from the external auditors, resume audit set up with Step 4: Setting up Audit Requests.
  5. Alternatively, click any of the circled step numbers at the top of the screen to continue with audit setup.

Audit Data

The audit data is structured to show your external auditors how your organization's controls map to the objectives in your compliance program. It can also help them arrange an interview schedule with relevant control owners.

The following are the column headings in the CSV file:

  • Control Code
  • Control Title
  • Control Description
  • Control Owner
  • Objective Code
  • Objective Title
  • Objective Description

Exporting Data After the Initial Export

There may be several reasons for exporting a CSV file after it's been initially exported.

NOTE

To locate a draft audit, please see Finding Draft Audits.

To generate another file with audit data, complete the following steps:

  1. Click the circled number or green check mark displayed at the top of the audit set up page.

    TIP

    If the step has been completed, a green check mark displays instead of the step number.




  2. Click Need to export audit data again?

Internal Audit - Setting Up an Assessment Template


TIP

These are the fields that display for each control in an audit and are used to rate the control's effectiveness.

TIP

All of the information in this step is optional. To bypass setting up assessors, verifiers, and custom template fields, click Next to continue with the next step, or click any of the circled step numbers at the top.



To set up an assessment template for an internal audit, complete the following steps:

  1. Select an assessor in the Default assessors dropdown menu. This is the person conducting the testing and defaults to Control owner.
  2. Select a verifier in the Default verifiers. This is the person reviewing evidence supplied.

    TIP

    If the audit does not require custom assessment fields, click Next to continue audit setup.

Adding Custom Fields to the Assessment Template

To create custom assessment areas in the template, complete the following steps:

  1. Enter a Field title. This describes the name of your customized field.
  2. Select the Field type in the dropdown menu. This allows you to designate how the response will be handled in the template and include the following:
    • Text
    • Rich Text
    • Date
    • Checkbok
    • Dropdown
    • Map:Person
  3. Click Make this field mandatory to require a response in the template.



  4. Click Next to continue with audit set up.
  5. Alternatively, click Add Field to continue creating customized fields.

    NOTE

    Continue to the next section - Step 4: Setting up Audit Requests.
  • No labels