In ZenGRC version 220.127.116.11, we’ve re-imagined the audit module with deeper, more practical functionality.
Keep track of test plans
We now allow you to assess controls based on their test plan, and create both requests and issues based off these investigations.
When creating and updating controls, you’ll notice a new stock attribute called Test Plan. This field is important because it gets pulled into the control assessment in the Audit module when you are ready to create an Audit.
Remediate test plan results
If you open the Audit module and LHN (left hand navigation), you’ll notice 2 new objects:
- Control assessments
Control assessments can be generated in an Audit based off in-scope controls that are mapped to any given program. “In-scope controls” simply means the controls currently mapped to the program. Control assessments will generate and be mapped to each respective control. You can also create control assessments for cherry-picked individual controls in the Audit/control assessment tab, for any controls outside of the in-scope Program controls.
To generate control assessments for an audit based on your in-scope controls, just go to the In Scope Controls tab and click on the up-arrow to create your list of corresponding control assessments:
Each control assessment will be mapped to both a control and an audit. Depending on the control’s test plan, you’ll want to map other objects such as systems, policies and processes to the control assessment as well, to provide evidence for test findings.
Based on the results of your control assessment findings, you’ll then be able to indicate the effectiveness of the control, for both design and operation.
Track effectiveness of controls
There are 2 stock drop-down menus in each control assessment object to track your findings for the design of the test plan and the operational history of the control:
Create Issues and/or Requests
After you indicate the effectiveness of the control, you’ll now be able to not only create requests, but also issues.
Requests remain part of existing ZenGRC functionality. You can upload a PBC list to an audit to batch-generate a list of requests that show up in everyone’s dashboard.
Issues are new objects, and they can be created in 2 ways:
- First, within an audit, issues can be created once the findings for a control assessment are documented. Within an audit, issues will always be automatically mapped to their respective control, audit, program and control assessment. An audit-generated issue will also pull the test plan from the mapped control.
- Second, you can create issues independent of an audit. These issues can also double as incidents, as they don’t require mappings to a control assessment, program and audit. They can live in your system-of-record independent of those audit objects, and be mapped to workflows for issues tracking and management. They can also be mapped to other issues to show those dependencies.
Possible mappings relationship between new audit objects
An illustration of a mappings possibility with our new audit objects:
Help modal for the object filter
Use these new help tips to construct a boolean search. This will allow you to filter down a long list of objects with more precision:
Ability to close the info panel
From left to right, you can minimize, restore, maximize, or close an object info panel.
We now send email notifications with HTML design, instead of the simple text emails. This improves readability.