Audit Management
Overview
The Audits section helps you prepare for, execute, and track compliance audits. Organize evidence, collaborate with auditors, and maintain audit history. Your vCISO coordinates with the auditor on your behalf, handles scheduling, and ensures your evidence package is complete before fieldwork begins.
Audit Lifecycle
Planning
Your vCISO schedules the audit and defines scope with the auditor.
Preparation
Collect evidence and prepare documentation.
Fieldwork
Auditor reviews evidence and conducts testing.
Reporting
Receive audit report and address findings.
Closure
Complete remediation and close the audit.
Audit Dashboard
The audit dashboard shows:
| Section | Description |
|---|---|
| Status | Current audit phase |
| Progress | Evidence collection progress |
| Evidence | Collected and pending evidence |
| Issues | Open findings and requests |
| Timeline | Upcoming milestones |
Evidence Bundles
Evidence bundles organize documentation for auditor review.
Creating a Bundle
- Open the audit
- Click Create Evidence Bundle
- Select controls to include
- Add relevant evidence to each control
- Review and finalize
Bundle Contents
Each bundle contains:
- Control Listing - All in-scope controls
- Evidence - Documents, screenshots, exports
- Test Results - Automated and manual test outcomes
- Notes - Context and explanations
Managing Requests
Information Requests
Auditors may request additional information:
- Review request in the audit dashboard
- Gather required evidence or documentation
- Upload response and mark as addressed
- Auditor reviews and closes request
Request Statuses
| Status | Meaning |
|---|---|
| Open | Awaiting response |
| Submitted | Response provided, awaiting review |
| Accepted | Auditor satisfied |
| Needs Revision | Additional information required |
Findings and Remediation
Audit Findings
Auditors may identify findings:
- Observations - Minor issues or recommendations
- Exceptions - Control failures during audit period
- Deficiencies - Significant control weaknesses
Remediation Process
Review Finding
Understand the finding and its impact.
Create Remediation Plan
Document steps to address the finding.
Implement Changes
Execute the remediation plan.
Collect Evidence
Document the remediation actions.
Close Finding
Submit evidence and close the finding.
Audit History
Past Audits
View completed audits:
- Audit Reports - Final audit reports
- Evidence Archives - Point-in-time evidence
- Findings History - Past findings and remediation
Continuous Improvement
Use audit history to:
- Track improvement over time
- Identify recurring issues
- Prepare for future audits
Best Practices
Start Early
Begin audit preparation at least 2-3 months before fieldwork. This provides time to address gaps and gather comprehensive evidence.
Maintain Ongoing Readiness
Don't treat compliance as a point-in-time activity. Continuously collect evidence and maintain controls throughout the year.
Communicate Proactively
Keep your auditor informed of any changes or issues. Surprises during fieldwork create delays and complications.
Document Everything
When in doubt, document it. It is better to have too much evidence than too little.