Organizations often need to determine which audits are to be conducted in a given time period under a specific scope. As part of audit planning, audit programs are initiated, planned, and approved. Then, once an audit plan is approved, audits are then executed against the plan. Upon completion, users are able to see what was in the approved plan versus what was accomplished.
Audit Program Object
Using the Audit Program object, you can initiate, plan, and approve audit programs for execution for a determined time period. Once the Audit Program record enters a specified state, Vault automatically creates Audit object records based on Proposed Audit record data within the Audit Program. Users can then conduct Audits and, as the Audit record moves through its lifecycle, related Proposed Audits on the Audit Program record are updated, tracking their execution.
For example, an audit planner at an organization is tasked with scoping the next quarter’s audits. The audit planner first creates an Audit Program object record with the name “Audit Program Q3 2020”, filling out the field data that their organization has determined is necessary. The audit planner then creates one or more Proposed Audit related records, then populates the Proposed Audit records with more specific metadata. Then, when Audit Program Q3 2020 eventually enters a specified state, for example, In Execution, Vault automatically creates an Audit object record for each Proposed Audit record in the program. These Audit records carry over data from their source Proposed Audit record.
Proposed Audits
Proposed Audit records represent the audits that you are planning within an audit program. By default, Vault supports the Internal Audit and External Audit object types. When Vault creates Audit records, the system copies certain data over from the source Proposed Audit record.
Vault may copy the following field values from the Proposed Audit record if configured by an Admin to do so:
- Auditee
- Planned Start Date
- Planned End Date
Vault also copies values for any fields with identical Name values on both the Proposed Audit and Audit objects.
Unplanned Audits
Depending on your organization’s processes, there may be a situation where there are additional audits not created by automation that you wish to include in the Audit Program record. If configured by an Admin, you can create them from the Audit Program record.
Creating an Audit Program
To create an Audit Program:
- Navigate to the Audit Program custom object tab or to Admin > Business Admin > Audit Program.
- Click Create.
- Fill in the required details.
- Click Save.
- Optional: In the Proposed Audits section, create one or more Proposed Audit related records.
- Optional: In the Unplanned Audits section, click Create and add any Audit records that belong within this Audit Program but were not created by Audit Program Planning automation.
You can continue adding Proposed Audits and unplanned Audits after creating the Audit Program record.
Related Permissions
The following permissions control your ability to create and modify Audit Programs and Proposed Audits:
|
Type |
Permission Label |
Controls |
|
Security Profile |
Object: Audit Program |
Ability to view, create, edit, and delete Audit Programs. |
|
Security Profile |
Object: Proposed Audit |
Ability to view, create, edit, and delete Proposed Audits. |