- Created by Tristan Mohn, last modified on Oct 31, 2018
Overview
This step allows you to add all evidence requests at once. Audit tasks and evidence requests are created in an audit by importing a template containing the required data. Then, those tasks and requests are mapped to the scoped controls.
IMPORTANT
For this step in audit creation, it is critical that your organization already has the framework for your compliance program set up in ZenGRC. Evidence gathering is one of the prime reasons for conducting an audit, and this step assigns evidence requests for effectiveness of controls, which are scoped to your program's objectives. Although there are no constraints in the application stopping you from skipping this step, remember that requests are an integral part of an audit.
This step contains several sub-steps, which are outlined on this page:
- Downloading the import template.
TIP
For an external audit, use the import template to transfer information from the Document Request List (DRL), which was received from your external auditors.
TIP
For an internal audit, use the import template to add requests and tasks you feel are pertinent to your internal compliance program.
- Completing the template.
- Importing the template into ZenGRC.
- Mapping the imported requests to the scoped controls.
The Import Requests Template
ZenGRC supplies the import requests template with preformatted headings describing the information you need to enter to fulfill the audit requirements.
Downloading the Template
To download the import requests template, complete the following step:
- Click the click here to download it link. The CSV file will open or download in the manner specified in your browser.
Completing the Template
For an external audit, transfer the DRL information into the import template using the provided headings.
For an internal audit, add requests and tasks surrounding the audit into the import template using the provided headings.
IMPORTANT
If your organization has configured ZenGRC to communicate with Jira or ServiceNow, review those instructions for completing the requests template. Please see Creating a Jira Audit or ServiceNow Integration.
The request import template contains the following fields:
- Request - This is the type of data you are importing. The cells under this heading stay blank.
- Title - This must be unique for every request so users can easily identify specific tasks when looking at a large number of requests. The title limit is 250 characters. This is a required field.
- Description - An optional field for instructions on the evidence-collection task.
- Notes - An optional field for additional remarks.
- Assignee - The email of the user who will be fulfilling the evidence request. Make sure the email is already set up in the ZenGRC application. When a request is assigned or when comments are added to the request, the assignee receives notifications. This is a required field.
- Reviewers - An optional field for a review prior to the verifier, who accepts or rejects the evidence.
- Verifier - An optional field for who should verify this evidence request. Fill in the user's email. Make sure this user has an account with this email in ZenGRC. Users receive email notifications when the assignee submits evidence or when there are new comments.
- Starts On - A required date field for when the request starts. If empty, the application posts a warning and fills in the blank with the date the template is uploaded. The format should be MM/DD/YYYY.
- Due On - A date field for when the request is due. The format should be MM/DD/YYYY. ZenGRC uses this data for overdue calculations and warnings.
IMPORTANT
Save this file with a CSV extension to your local machine for easy import.
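The field rules above can be checked locally before upload. The following Python sketch is an added example, not part of ZenGRC; it assumes the CSV column headers match the field labels listed above, and that the caller supplies `known_users`, a set of emails that already have ZenGRC accounts.

```python
import csv
import io
from datetime import datetime

def check_date(value):
    """True if value is a real calendar date written as MM/DD/YYYY."""
    try:
        datetime.strptime(value, "%m/%d/%Y")
    except ValueError:
        return False
    return len(value) == 10  # rejects unpadded forms such as 1/5/2018

def validate_requests(csv_text, known_users):
    """Return (row, field, problem) tuples for a requests template.
    Assumes headers equal the field labels; row 1 is the header row."""
    problems, seen = [], {}
    users = {u.lower() for u in known_users}
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        get = lambda f: (row.get(f) or "").strip()
        if get("Request"):
            problems.append((n, "Request", "cell must stay blank"))
        title = get("Title")
        if not title:
            problems.append((n, "Title", "required"))
        elif len(title) > 250:
            problems.append((n, "Title", "over 250 characters"))
        elif title in seen:
            problems.append((n, "Title", f"duplicate of row {seen[title]}"))
        else:
            seen[title] = n
        if not get("Assignee"):
            problems.append((n, "Assignee", "required"))
        for f in ("Assignee", "Verifier"):
            if get(f) and get(f).lower() not in users:
                problems.append((n, f, "no ZenGRC account for this email"))
        if not get("Starts On"):
            problems.append((n, "Starts On", "empty; upload date will be used"))
        for f in ("Starts On", "Due On"):
            if get(f) and not check_date(get(f)):
                problems.append((n, f, "not MM/DD/YYYY"))
    return problems

# Constructed sample input, not real audit data.
SAMPLE = """Request,Title,Description,Notes,Assignee,Reviewers,Verifier,Starts On,Due On
,Access review Q3,Export IAM user list,,ana@example.com,,lee@example.com,10/01/2018,10/31/2018
,Access review Q3,,,ana@example.com,,,2018-10-01,
,Firewall change log,,,sam@example.com,,,,13/40/2018
"""
USERS = {"ana@example.com", "lee@example.com"}
```

Calling `validate_requests(SAMPLE, USERS)` reports the duplicate title and ISO-format date on row 3, and the unknown assignee, empty start date and impossible due date on row 4.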
Importing the Template
To import the template containing audit requests, complete the following steps:
- Click Choose CSV to Import Requests.
- Select the template saved in the previous section.
- Click Open. The application displays a message with import information.
TIP
If there are any errors, they will be displayed in red text.
- Click Import Requests.
- The page refreshes with import results and columns for mapping controls.
Alternatively, click Cancel to cancel the import.
Mapping Requests to Scoped Controls
Once you have imported the template with requests into the system, the page for mapping them to audit controls displays.
The page for mapping requests to an audit comprises three columns, as follows:
- In-Scope Controls – These are controls scoped to the audit in the second step.
TIP
A red box with a “0” indicates that the control has no associated requests and needs attention.
- Requests Mapped to the Control – This contains all requests mapped to the in-scope control. The column is blank when the page is initially accessed since the imported requests have not yet been mapped.
- Requests to Map – These are requests added to the template and imported for the audit. Any imported request can be mapped to any control within the audit.
NOTE
Additional requests can be imported from the Audits module during an audit.
Mapping Requests
To map requests to a scoped control, complete the following steps:
- Select a control in the In-Scope Controls column.
TIP
Selecting a control displays all mapped and unmapped requests to that specific control.
- Click the plus button on a request in the Requests to Map column.
- The request moves to the Requests Mapped to the Control column and is now scoped to the control.
- Continue until all appropriate requests are mapped to the control.
- Select another control in the In-Scope Controls column and repeat the process.
NOTE
Once all requests are mapped to the controls, you can finish this step. Please see Completing the Step.
Removing Requests
To remove requests from a scoped control, complete the following steps:
- Select a control in the In-Scope Controls column. This displays all associated requests.
- In the Requests Mapped to the Control column, click the minus button beside the request to be removed.
- The request is removed from the control and added to the Requests to Map column.
Displaying Descriptions
To read descriptions of any control or request displayed, complete the following steps:
- Select an objective in the In-Scope Controls column.
- Click the Details link. The description displays and the link says Hide Details.
- Alternatively, click Hide Details to remove the description from display.
Completing the Step
The step is ready for completion after requests have been imported and then mapped to scoped controls.
To complete this step and continue to the review, complete the following:
- Click Next. The Review page displays.