
        Simplify Audits with Good Control Testing Habits

        Published April 29, 2021 • By Dave Schmoeller, GRC Expert and Director of Solutions Marketing • Blog

        The critical path for every audit is evidence collection. You can’t test controls until you gather the evidence – and with each piece of evidence tied to one or more controls, it can get complicated. So, how do you make it easier, more efficient and less expensive to run an audit?

        Build good control testing habits.

        The key to building good control testing habits – and simplifying the audit process – is to leverage technology to make it easier on you and your teams. Tools like Reciprocity’s ZenGRC platform enable teams to easily gather evidence required by the controls.

        ZenGRC’s usage-based benchmarks provide meaningful insight into how your organization compares to your peers. In particular, the Audit Efficiency benchmark compares the average time to complete an audit by framework, the issue count by framework, and the level of effort dedicated to managing and supporting audits, including evidence collection and reuse. This level of detail enables you to more easily build efficiencies within your audit processes.

        Another critical step in simplifying your audits: don’t wait for an audit to test your controls. Security isn’t a “point in time” event, so why would testing IT controls be a “point in time” activity? Continuous control monitoring gives you real-time control status, while reinforcing to the appropriate owners that they need to perform the control. Good control testing habits are built by continuously performing the control and producing the resulting evidence. This provides you with better, more real-time visibility into your controls and security posture, and builds up the evidence you need for your audits. Ultimately, you’ll need less effort and fewer resources to manage and support your audits, which will lower your costs.

        With the latest innovations in GRC solutions, it is easier than ever to automate a good amount of evidence collection work. One of our most recent partnerships is helping customers do just that. Neverfail offers a continuous control monitoring RPA solution that makes it easy to capture and test IT control evidence automatically. For example, their automated user access review (UAR) solution automatically pulls data from both your HR system and Active Directory, synthesizes the two data sets to identify exceptions (e.g., terminated employees with active user accounts), and then pushes the synthesized findings, raw evidence, control testing summary and full chain of custody into the ZenGRC platform for review by internal or external auditors. All of this is packaged in an evidence request in ZenGRC and mapped to relevant controls automatically, greatly reducing the effort required to test and validate this control.
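        The reconciliation at the core of a user access review, sketched as an added example (not Neverfail or ZenGRC code): it joins an HR export with a directory export, flags enabled accounts owned by terminated employees, and goes one step beyond the case above by also flagging enabled accounts with no HR owner. The CSV column names, the sample rows and the evidence record layout are assumptions constructed for illustration.

```python
import csv, hashlib, io, json
from datetime import date

# Constructed sample exports; column names are assumptions, not a vendor schema.
HR_CSV = """employee_id,name,status,termination_date
1001,Ana Ruiz,active,
1002,Ben Cole,terminated,2021-03-15
1003,Chi Okoye,terminated,2021-04-20
1004,Dee Park,active,
"""
AD_CSV = """sam_account,employee_id,enabled,last_logon
aruiz,1001,true,2021-04-27
bcole,1002,true,2021-04-02
cokoye,1003,false,2021-04-19
svc_backup,,true,2021-04-28
"""

def sha256(text):
    # Digest of the raw export, so a reviewer can confirm which data was tested.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def review_access(hr_csv, ad_csv, as_of):
    hr = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    exceptions = []
    for acct in csv.DictReader(io.StringIO(ad_csv)):
        if acct["enabled"].strip().lower() != "true":
            continue  # disabled accounts satisfy the control
        person = hr.get(acct["employee_id"])
        if person is None:
            reason = "enabled account with no HR owner"
        elif person["status"] == "terminated":
            reason = "terminated %s, account still enabled" % person["termination_date"]
            # ISO dates compare correctly as strings
            if acct["last_logon"] > person["termination_date"]:
                reason += ", logon after termination"
        else:
            continue  # active employee with an enabled account
        exceptions.append({"account": acct["sam_account"], "reason": reason})
    return {
        "control": "user-access-review",
        "as_of": as_of.isoformat(),
        "source_sha256": {"hr": sha256(hr_csv), "ad": sha256(ad_csv)},
        "result": "fail" if exceptions else "pass",
        "exceptions": exceptions,
    }

if __name__ == "__main__":
    print(json.dumps(review_access(HR_CSV, AD_CSV, date(2021, 4, 29)), indent=2))
```

        Run on a schedule rather than at audit time, each record becomes a dated piece of evidence for the control, and the source digests tie the finding back to the exact exports that were tested.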

        Building good control testing habits – and simplifying your audits – doesn’t have to be difficult. The right tools will enable you to continuously monitor and manage your frameworks – easily and efficiently.
