

Overview


One of the keys to a successful ZenGRC audit is understanding the workflows of the items that play crucial roles in it. This also includes knowing how to set up email notifications in a way that works for your organization.

The following are objects that utilize email notifications:

  • Requests - Requests are created to collect evidence on the effectiveness of controls. 
  • Assessments - Once requests are completed, users assigned to assessments review the evidence and decide whether the controls are effective or ineffective.
  • Tasks - Tasks are not specific to audits, but they can play an important part in information gathering. Their workflow is the same as requests. 

For full definitions of these objects and others, please see ZenGRC Definitions.

Audit User Assignment Fields


In the audit itself, there are two fields where users in Administrator, Editor or Contributor roles may be placed for additional functionality and visibility within the audit. These are assigned during Step 1: Adding Basic Audit Information when an audit is created.

Audit Manager

  • This field defaults to the person who created the audit, but other users can be selected.
  • Users in this field can create and edit most fields of objects related to the audit, which includes requests, assessments, tasks, and issues.
  • If users in this field are assigned to a Contributor role (recommended for external users), the following permissions apply:
    • In the Audits module, they only see the audit to which they're assigned.
    • They have read access to the first level of objects mapped to the audit.
    • They cannot delete the audit itself or any of the mapped objects.
    • They cannot override the statuses of the audit, assessments, requests or tasks.
  • If users in this field are assigned to an Administrator or Editor role, they still have all read/write/delete global permissions already available to them.
  • This field differs from the Auditors field in that it can be selected during audit setup to be the default assessor or default verifier of all assessments. 

Auditors 

  • This field is empty by default, but other users can be selected.
  • The remaining permissions mirror those of the Audit Manager as explained above, with the exception that this field cannot be selected as default assessor or default verifier of assessments.

Workflow for Items Within the Audit


To understand workflows for items in an audit, please consider the following:

  1. Tasks and requests workflows are described together in the To-Do List documentation. Please see Workflow for Requests and Tasks.
  2. Assessments function slightly differently and are explained separately in the To-Do List documentation. Please see Workflow for Assessments.
  3. Once item workflows are understood, please review Email Notifications to determine how to configure notifications so they best serve your organization's needs.

NOTE

After you understand workflows, you are ready to create an audit. Continue to Creating an Audit.


