# Working with Audit Programs (QMS)

Organizations often need to determine which audits are to be conducted in a given time period under a specific scope. As part of audit planning, audit programs are initiated, planned, and approved. Then, once an audit plan is approved, audits are then executed against the plan. Upon completion, users are able to see what was in the approved plan versus what was accomplished.

## Audit Program Object

Using the _Audit Program_ object, you can initiate, plan, and approve audit programs for execution for a determined time period. Once the _Audit Program_ record enters a specified state, Vault automatically creates _Audit_ object records based on _Proposed Audit_ record data within the _Audit Program_. Users can then conduct _Audits_ and, as the _Audit_ record moves through its lifecycle, related _Proposed Audits_ on the _Audit Program_ record are updated, tracking their execution.

For example, an audit planner at an organization is tasked with scoping the next quarter's audits. The audit planner first creates an _Audit Program_ object record with the name "Audit Program Q3 2020", filling out the field data that their organization has determined is necessary. The audit planner then creates one or more _Proposed Audit_ related records, then populates the _Proposed Audit_ records with more specific metadata. Then, when _Audit Program Q3 2020_ eventually enters a specified state, for example, _In Execution_, Vault automatically creates an _Audit_ object record for each _Proposed Audit_ record in the program. These _Audit_ records carry over data from their source _Proposed Audit_ record.

### Proposed Audits

_Proposed Audit_ records represent the audits that you are planning within an audit program. By default, Vault supports the _Internal Audit_ and _External Audit_ object types. When Vault creates _Audit_ records, the system copies certain data over from the source _Proposed Audit_ record.

Vault may copy the following field values from the _Proposed Audit_ record if configured by an Admin to do so:

  * _Auditee_
  * _Planned Start Date_
  * _Planned End Date_

Vault also copies values for any custom (`__c`) fields with identical _Name_ values on both the _Proposed Audit_ and _Audit_ objects.

### Unplanned Audits

Depending on your organization's processes, there may be a situation where there are additional audits not created by automation that you wish to include in the _Audit Program_ record. If configured by an Admin, you can create them from the _Audit Program_ record.

## Creating an Audit Program

To create an _Audit Program_:

  1. Navigate to the _Audit Program_ custom object tab or to **Business Admin > Objects > Audit Programs**.
  2. Click **Create**.
  3. Fill in the required details.
  4. Click **Save**.
  5. Optional: In the **Proposed Audits** section, create one or more _Proposed Audit_ related records.  If configured by an Admin, you can alternately perform the [**Create Proposed Audits**][1] user action.
  6. Optional: In the **Unplanned Audits** section, click **Create** and add any _Audit_ records that belong within this _Audit Program_ but were not created by Audit Program Planning automation.

You can continue adding _Proposed Audits_ and unplanned _Audits_ after creating the _Audit Program_ record.

### Create Proposed Audits User Action {#create-proposed-audits}

The **Create Proposed Audits** user action queries your Vault for applicable _Organizations_ and creates _Proposed Audit_ records with pre-populated data, reducing the need for manual _Proposed Audit_ record creation on the _Audit Program_. The action configuration options defined by your Admin determine the object type of the resulting _Proposed Audit_ records. They also limit their scope by _Organization_ state and field data criteria, including object type, state, date, and more.

The action creates up to 300 _Proposed Audits_ at a time, and can be re-executed if there are additional records that need to be created. If the _Proposed Audits_ use a Quality Team cascade from the Audit Team, those values will transfer to the _Proposed Audits_ created via this action.

When you execute the action, you may be prompted to provide _Organization_ object field values on which to match. A typical configuration might prompt you to select a _Country_ value, and create _Proposed Audits_ for _Organizations_ with a _Next Scheduled Audit Date_ between the _Planned Start Date_ and _Planned End Date_ on the _Audit Program_ record.

Vault assigns the _User_ that executes this action as the Owner of all the resulting _Proposed Audits_. You must have _Read_ permission on any related object field for which you are prompted in order to select values.

## Related Permissions

The following permissions control your ability to create and modify _Audit Programs_ and _Proposed Audits_:

|Type|Permission Label|Controls|
|--- |--- |--- |
|Security Profile|Object: Audit Program|Ability to view, create, edit, and delete _Audit Programs_.|
|Security Profile|Object: Proposed Audit|Ability to view, create, edit, and delete _Proposed Audits_.|

  [1]: #create-proposed-audits