Audit

Audit

An audit is created to survey a business process that has a risk. Therefore audits are usually part of the Risk Perspective only.

An audit can have a name. An audit can be associated to multiple Objects.

An audit uses the [Process]es, [Objective]s, [Control]s and [Test]s from the [Repository]. If a process is added to an audit, then all the associated objectives, controls and tests can also be added automatically to the audit. If an objective is added to an audit, then the associated controls and tests can also be added to the audit. If a controls is added to an audit then the associated tests can also be added to the audit.

Any objective, control or test can be rearranged to be associated to another process, objective, control. However, a rearrangement is not reflected in the Repository and is only present in that particular audit.

For every test that is present in an audit, there are test results, [Finding]s and [Recommendation]s that can be input. The [User] that inputs this data is automatically stored.

There can be multiple [User]s that conduct an audit

An overview of all the audits is available via the [Audit Map].