search

Audits

hashtag
Overview

The Audits component is the core element of the Audit Center module, designed to help organizations plan, conduct, document, and track security audits. This component provides a structured approach to evaluating your security controls, identifying gaps, and implementing improvements to strengthen your security posture.

Security audits are essential for verifying the effectiveness of your security program, demonstrating compliance with regulatory requirements, and identifying opportunities for improvement. The Audits component integrates with other elements of the Audit Center and the broader Risk & Compliance Suite to provide a comprehensive framework for security assessment and continuous improvement.

hashtag
Key Features

hashtag
Audit Planning and Management

  • Audit Scheduling - Plan and schedule internal and external security audits

  • Audit Scope Definition - Define the boundaries and objectives of each audit

  • Audit Team Assignment - Designate auditors and subject matter experts

  • Framework-Based Audits - Conduct audits based on standard frameworks (ISO, NIST, etc.)

  • Custom Audit Criteria - Create organization-specific audit requirements

hashtag
Audit Execution

  • Control Assessment - Evaluate the implementation and effectiveness of security controls

  • Evidence Collection - Gather and organize documentation to support audit findings

  • Interview Management - Schedule and document discussions with key personnel

  • Testing Documentation - Record the results of control testing activities

  • Observation Tracking - Document issues identified during the audit process

hashtag
Audit Documentation

  • Audit Records - Maintain comprehensive documentation of audit activities

  • Evidence Repository - Store and organize supporting documentation

  • Audit Trail - Track all actions and decisions during the audit process

  • Audit Reports - Generate detailed reports of audit results and recommendations

  • Historical Records - Maintain archives of past audits for reference and comparison

hashtag
Audit Integration

  • Finding Management - Link audits to identified issues and observations

  • Corrective Action Tracking - Connect audits to remediation activities

  • Control Mapping - Associate audits with specific security controls

  • Risk Alignment - Relate audit activities to identified security risks

  • Compliance Mapping - Link audits to regulatory requirements and standards

hashtag
Getting Started

hashtag
Accessing the Audits Component

  1. Log in to your AskInfosec account

  2. Navigate to the main dashboard

  3. Select "Audit Center" from the main navigation menu

  4. Click on "Audits" in the submenu

  5. You will be directed to the Audits dashboard

hashtag
Audits Dashboard

The Audits dashboard provides an overview of your organization's audit activities, including:

  • Upcoming Audits - Scheduled audits and their status

  • In-Progress Audits - Audits currently being conducted

  • Completed Audits - Recently finished audit activities

  • Audit Calendar - Timeline view of scheduled audits

  • Audit Statistics - Metrics on audit completion, findings, and remediation

hashtag
Managing Audits

hashtag
Creating a New Audit

To set up a new audit:

  1. From the Audits dashboard, click the "New Audit" button

  2. Enter basic audit information:

    • Audit Name

    • Description

    • Start and End Dates

    • Audit Owner

    • Audit Team Members

  3. Select the audit type:

    • Framework-based (e.g., ISO 27001, NIST CSF)

    • Control-specific (selected controls only)

  4. If framework-based, select the relevant framework

  5. Click "Create" to set up the audit

  6. You will be directed to the audit details page for further configuration

hashtag
Audit Details

The audit details page contains comprehensive information about a specific audit:

  1. Basic Information - Name, description, dates, and ownership

  2. Audit Scope - Frameworks, controls, or systems being evaluated

  3. Audit Team - Individuals involved in conducting the audit

  4. Audit Status - Current state of the audit process

  5. Related Items - Findings, requests, and corrective actions

hashtag
Audit Status Management

Audits typically follow this lifecycle:

  1. Planned - Initially created, not yet started

  2. In Progress - Audit activities have begun

  3. Under Review - Audit completed, results being reviewed

  4. Completed - Audit finalized, including all documentation

  5. Archived - Historical audit preserved for reference

To update an audit's status:

  1. Navigate to the audit details page

  2. Click "Update Status"

  3. Select the new status

  4. Provide comments explaining the status change

  5. Save the status update

hashtag
Conducting Audits

hashtag
Audit Preparation

Before beginning an audit:

  1. Review the audit scope and objectives

  2. Gather relevant documentation:

    • Security policies and procedures

    • Previous audit reports

    • Control documentation

    • Compliance requirements

  3. Prepare an audit plan:

    • Schedule of activities

    • Required resources

    • Stakeholder involvement

    • Evidence collection methods

  4. Notify relevant stakeholders

  5. Conduct a kickoff meeting to explain the audit process

hashtag
Audit Execution

To conduct an audit:

  1. Navigate to the audit details page

  2. For each control or requirement in scope:

    • Review the control description and requirements

    • Collect and evaluate evidence of implementation

    • Document observations and test results

    • Determine compliance status

    • Create findings for identified issues

  3. Update the audit status as you progress

  4. Document all activities in the audit record

hashtag
Framework-Based Audits

When conducting an audit based on a standard framework:

  1. Navigate to the audit details page

  2. Select the "Controls" tab

  3. View the list of framework controls in scope

  4. For each control:

    • Review the control requirements

    • Assess implementation status

    • Document evidence and observations

    • Assign a compliance rating

  5. Track overall framework compliance

  6. Generate a compliance report

hashtag
Control-Specific Audits

When conducting an audit of selected controls:

  1. Navigate to the audit details page

  2. Select the "Controls" tab

  3. Click "Add Controls" to select specific controls for assessment

  4. For each selected control:

    • Review the control requirements

    • Assess implementation status

    • Document evidence and observations

    • Assign a compliance rating

  5. Track control-specific compliance

  6. Generate a targeted assessment report

hashtag
Managing Audit Requests

During an audit, you may need to request information or actions from various stakeholders:

  1. From the audit details page, click "New Request"

  2. Enter request details:

    • Request Name

    • Description

    • Assigned To

    • Due Date

  3. Save the request

  4. Track request status and follow up as needed

  5. Close the request when completed

hashtag
Audit Evidence Management

hashtag
Adding Evidence to Audits

To document control implementation:

  1. Navigate to the audit details page

  2. Select the "Evidence" tab

  3. Click "Add Evidence"

  4. Choose the evidence type:

    • Document upload

    • Link to existing document

    • Screenshot

    • Text description

    • External reference

  5. Provide a description explaining how the evidence relates to the audit

  6. Upload or link the evidence

  7. Save the evidence record

hashtag
Managing Evidence

To organize and maintain audit evidence:

  1. Navigate to the audit details page

  2. Select the "Evidence" tab

  3. View all evidence associated with the audit

  4. Filter evidence by type, date, or control

  5. Update or replace outdated evidence

  6. Remove irrelevant or obsolete evidence

hashtag
Evidence Review

During audit assessment, review evidence for:

  1. Relevance - Does the evidence directly relate to the control?

  2. Completeness - Does it fully demonstrate compliance?

  3. Currency - Is the evidence up-to-date?

  4. Authenticity - Is the evidence reliable and trustworthy?

  5. Sufficiency - Is there enough evidence to support compliance?

hashtag
Audit Findings and Follow-up

hashtag
Creating Findings

To document issues identified during an audit:

  1. From the audit details page, click "New Finding"

  2. Enter finding details:

    • Finding Name

    • Description

    • Severity (High, Medium, Low)

    • Category

    • Assigned To

  3. Link the finding to relevant controls or requirements

  4. Save the finding

  5. The finding will appear in the Findings tab of the audit

hashtag
Importing Findings

To import multiple findings from an external source:

  1. From the audit details page, click "Import Findings"

  2. Select the import format (CSV, Excel)

  3. Upload the file containing finding information

  4. Map the file columns to the required finding fields

  5. Review the imported findings

  6. Confirm the import to add the findings to the audit

hashtag
Creating Corrective Actions

To define steps for addressing audit findings:

  1. From the finding details page, click "New Corrective Action"

  2. Enter corrective action details:

    • Action Name

    • Description

    • Root Cause

    • Assigned To

    • Due Date

    • Priority

  3. Save the corrective action

  4. The action will appear in the Corrective Actions tab of the finding

hashtag
Audit Reporting

hashtag
Generating Audit Reports

To create a comprehensive report of audit activities:

  1. Navigate to the audit details page

  2. Click "Generate Report"

  3. Select the report type:

    • Executive Summary

    • Detailed Audit Report

    • Findings Report

    • Compliance Status Report

  4. Choose the report format (PDF, Excel, Word)

  5. Generate the report

  6. Download or share the report as needed

hashtag
Audit Dashboards

To visualize audit status and results:

  1. Navigate to the Audits dashboard

  2. View the standard dashboards:

    • Audit Status Overview

    • Finding Distribution

    • Corrective Action Progress

    • Compliance Heatmap

  3. Filter dashboards by date range, audit type, or department

  4. Export dashboard visualizations for presentations or reports

hashtag
Audit Integration

hashtag
Control Management Integration

The Audits component integrates with Control Management:

  1. Select controls from your control inventory for audit scope

  2. Update control assessments based on audit results

  3. Link findings to specific controls for targeted remediation

  4. Track control effectiveness through audit history

hashtag
Risk Management Integration

The Audits component integrates with Risk Management:

  1. Consider high-priority risks when planning audits

  2. Create or update risks based on audit findings

  3. Link findings to existing risks for comprehensive tracking

  4. Use audit results to refine risk assessments

hashtag
Policy Management Integration

The Audits component integrates with Policy Management:

  1. Verify policy implementation through audit activities

  2. Link findings to policy gaps or non-compliance

  3. Update policies based on audit recommendations

  4. Demonstrate policy effectiveness through audit results

hashtag
Best Practices

hashtag
Audit Planning

  • Define clear objectives - Establish specific goals for each audit

  • Right-size the scope - Ensure the audit is manageable and focused

  • Involve stakeholders - Engage affected teams in planning

  • Prepare adequately - Gather necessary information before starting

  • Communicate effectively - Ensure all parties understand the process

hashtag
Audit Execution

  • Follow a structured approach - Use consistent methodology

  • Document thoroughly - Maintain detailed records of all activities

  • Remain objective - Base findings on evidence, not assumptions

  • Be respectful - Conduct audits professionally and collaboratively

  • Verify information - Confirm observations through multiple sources

hashtag
Audit Documentation

  • Be comprehensive - Include all relevant information

  • Maintain clarity - Ensure documentation is easy to understand

  • Use standardized formats - Apply consistent templates and structures

  • Preserve evidence - Securely store all supporting documentation

  • Enable traceability - Create clear links between observations and conclusions

hashtag
Audit Follow-up

  • Prioritize findings - Focus on high-risk issues first

  • Assign clear ownership - Ensure responsibility for remediation

  • Set realistic deadlines - Allow adequate time for corrective actions

  • Verify implementation - Confirm that issues have been addressed

  • Learn from results - Use audit outcomes to improve processes

hashtag
Troubleshooting

hashtag
Common Issues

  • Scope creep - Keep audits focused on defined objectives

  • Insufficient evidence - Ensure adequate documentation is collected

  • Delayed responses - Follow up on information requests promptly

  • Inconsistent assessments - Use standardized evaluation criteria

  • Incomplete documentation - Verify all audit activities are recorded

hashtag
Getting Support

If you encounter issues with the Audits component:

  1. Check the in-app help documentation

  2. Contact your organization's system administrator

  3. Submit a support ticket through the AskInfosec support portal

hashtag
Conclusion

Effective audit management is essential for verifying the effectiveness of your security program, demonstrating compliance with regulatory requirements, and identifying opportunities for improvement. The Audits component provides the tools and structure needed to plan, conduct, document, and track security audits in a consistent, comprehensive manner.

By following the processes outlined in this guide, you can establish a robust audit program that helps your organization identify security gaps, implement improvements, and demonstrate due diligence in protecting your information assets.

PreviousAudit CenterNextIndex

Last updated