Skip to content

Audit Management (Shared Content)🔗

Purpose🔗

In Audit Management you define which audits are to be conducted when, by whom, and with what scope. This includes the audit calendar, the selection of audit items, and the objects to be audited (e.g. departments, processes, locations, assets).

Usage🔗

  1. Open the Audit Management → Audit Creation section.
  2. Create a new audit or select an existing one.
  3. Define the basic parameters:
    • Title and description
    • Time period / audit day(s)
    • Responsible persons (audit lead, auditors)
  4. Select the audit items (e.g. controls, requirements, chapters).
  5. Link the relevant objects:
    • Processes
    • Software
    • Hardware
    • Service Providers
    • Infrastructure
    • Data
  6. The audit is saved after defining the basic parameters.

Notes & Best Practices🔗

  • Plan audits early and, where possible, in alignment with other reviews (e.g. ISO audit, internal audit) to avoid duplicate effort.
  • Use recurring audits (e.g. annual reviews) to continuously track improvements.

Purpose🔗

In the Execution, Approval & Evaluation section you document the audit results: findings, assessments, recommended measures, and the final approval. This is where the actual audit evidence for internal and external auditors is created.

Usage – Execution🔗

  1. Open the desired audit in the Execution section.
  2. Systematically go through the audit items and document:
    • Fulfillment in %
    • Description of the implementation

Usage – Approval & Completion🔗

  1. After completing the execution, proceed to the Approval step.
  2. Review the completeness of the documented audit items and findings.
  3. Formally approve the audit and document who granted the approval.
  4. The audit is then marked as completed.

Evaluation & Reports🔗

  • Use the audit overviews to:
  • view the status of open and completed audits,
  • track the progress of measures,
  • identify trends across multiple audit cycles.
  • Export — if available — audit reports for distribution to management, clients, or auditors.

Notes & Best Practices🔗

  • Maintain documentation so that a third party (e.g. external auditor) can understand the results without having been present at the audit.
  • Link audit findings with existing structures (risks, measures, assets) wherever possible to avoid redundancies and make connections visible.