Organizations often need to determine which audits are to be conducted in a given time period under a specific scope. As part of audit planning, audit programs are initiated, planned, and approved. Then, once an audit plan is approved, audits are then executed against the plan. Upon completion, users are able to see what was in the approved plan versus what was accomplished.

Audit Program Object

Using the Audit Program object, you can initiate, plan, and approve audit programs for execution for a determined time period. Once the Audit Program record enters a specified state, Vault automatically creates Audit object records based on Proposed Audit record data within the Audit Program. Users can then conduct Audits and, as the Audit record moves through its lifecycle, related Proposed Audits on the Audit Program record are updated, tracking their execution.

For example, an audit planner at an organization is tasked with scoping the next quarter’s audits. The audit planner first creates an Audit Program object record with the name “Audit Program Q3 2020”, filling out the field data that their organization has determined is necessary. The audit planner then creates one or more Proposed Audit related records, then populates the Proposed Audit records with more specific metadata. Then, when Audit Program Q3 2020 eventually enters a specified state, for example, In Execution, Vault automatically creates an Audit object record for each Proposed Audit record in the program. These Audit records carry over data from their source Proposed Audit record.

Proposed Audits

Proposed Audit records represent the audits that you are planning within an audit program. By default, Vault supports the Internal Audit and External Audit object types. When Vault creates Audit records, the system copies certain data over from the source Proposed Audit record.

Vault may copy the following field values from the Proposed Audit record if configured by an Admin to do so:

  • Auditee
  • Planned Start Date
  • Planned End Date

Vault also copies values for any fields with identical Name values on both the Proposed Audit and Audit objects.

Unplanned Audits

Depending on your organization’s processes, there may be a situation where there are additional audits not created by automation that you wish to include in the Audit Program record. If configured by an Admin, you can create them from the Audit Program record.

Creating an Audit Program

To create an Audit Program:

  1. Navigate to the Audit Program custom object tab or to Business Admin > Audit Program.
  2. Click Create.
  3. Fill in the required details.
  4. Click Save.
  5. Optional: In the Proposed Audits section, create one or more Proposed Audit related records. If configured by an Admin, you can alternately perform the Create Proposed Audits user action.
  6. Optional: In the Unplanned Audits section, click Create and add any Audit records that belong within this Audit Program but were not created by Audit Program Planning automation.

You can continue adding Proposed Audits and unplanned Audits after creating the Audit Program record.

Create Proposed Audits User Action

The Create Proposed Audits user action queries your Vault for applicable Organizations and creates Proposed Audit records with pre-populated data, reducing the need for manual Proposed Audit record creation on the Audit Program. The action configuration options defined by your Admin determine the object type of the resulting Proposed Audit records. They also limit their scope by Organization state and field data criteria, including object type, state, date, and more.

The action creates up to 300 Proposed Audits at a time, and can be re-executed if there are additional records that need to be created. If the Proposed Audits use a Quality Team cascade from the Audit Team, those values will transfer to the Proposed Audits created via this action.

When you execute the action, you may be prompted to provide Organization object field values on which to match. A typical configuration might prompt you to select a Country value, and create Proposed Audits for Organizations with a Next Scheduled Audit Date between the Planned Start Date and Planned End Date on the Audit Program record.

Vault assigns the User that executes this action as the Owner of all the resulting Proposed Audits. You must have Read permission on any related object field for which you are prompted in order to select values.

The following permissions control your ability to create and modify Audit Programs and Proposed Audits:

Type Permission Label Controls
Security Profile Object: Audit Program Ability to view, create, edit, and delete Audit Programs.
Security Profile Object: Proposed Audit Ability to view, create, edit, and delete Proposed Audits.