GRC: Audit Management

Question 1

What is the recommended GRC module implementation order?

Answer 1

1. Policy and Compliance, 2. Risk Management, 3. Audit Management

Question 2

What additional functionality does Advanced Audit provide?

Answer 2

integrates with the PPM module to help plan engagements. Enhances engagements with the Cost Plan, Resource Plan and timecard functionality. Milestones and observations are also enhanced.

Question 3

What does the engagements module allow?

Answer 3

Allows for the viewing and creation of engagements

Question 4

What is the use for Milestones?

Answer 4

Milestones allow the tracking of engagement progress and contain Audit tasks for completion

Question 5

What is the purpose of audit tasks?

Answer 5

They are added to milestones and track the progress towards that milestone

Question 6

What is the purpose of Audit Universe?

Answer 6

It allows for the creation of Auditable Units which are based off of entities and help to scope the engagements

Question 7

What is the scoping module?

Answer 7

It is a common module across all of the GRC applications for the creation of both Entity Types, Entity Classes, and entities

Question 8

What is the purpose of sn_audit.glide.script.block.client.globals?

Answer 8

The audit module requires the use of Jquery to function; this system property must remain false for the audit module to work

Question 9

What table does sn_audit_task extend?

Answer 9

sn_audit_task extends the planned task table

Question 10

what is the purpose of the sn_audit_task table?

Answer 10

This is a generic task table for all of the audit module. sn_audit_control_test, sn_audit_interview, and sn_audit_walkthrough all extend from this table

Question 11

What are the various options for loading content into the audit management module?

Answer 11

1. Manual Entry/HTML
2. Import Data
3. Integrations with Content Providers
4. Inclusion of certain Accelerator Content Packs, such as, NIST CSF, SOX content from ServiceNow

Question 12

What is required for the approval of an Engagement?

Answer 12

All approvers that are added to an engagement need to approve in ServiceNow for it to move to the Follow Up state

Question 13

What occurs if an approved engagement has no open tasks or items?

Answer 13

The engagement skips the Follow Up state and autocloses

Question 14

What is the purpose of the sn_grc.enable_record_confidentiality system property?

Answer 14

This system property enables the confidentiality tab on engagement records and allows for the restriction of access to the records based on a list of allowed users

Question 15

What is the default Knowledge base used to publish Audit reports?

Answer 15

sn_audit.knowledge_base

Question 16

What is the purpose of sn_audit_advanced.default_adv_notifiaction_duedate_duration?

Answer 16

This system property defines the default duration in days from the due date of a milestone in which to send a notification

Question 17

What is the purpose of the Audit Admin role?

Answer 17

The admin can perform all of the actions that the sn_audit.manager can perform as well as delete engagements, audit tasks, test templates, and test plans

Question 18

sn_audit.admin contains what roles?

Answer 18

sn_audit.manager, sn_grc.admin

Question 19

What can the role of Audit Developer do?

Answer 19

The audit developer can perform all of the inherited permissions as well as add and delete audit report templates

Question 20

sn_audit.developer contains what roles?

Answer 20

sn_audit.admin, sn_grc.developer

Question 21

What is the purpose of the External Auditor role?

Answer 21

External auditors are assigned to third party auditors that can be assigned to engagements and audit tasks. They can view closed engagements, audit tasks that are assigned to them and closed audit tasks. If Policy and Compliance Management and Risk Management are installed then they can also view published policies, controls and risks in the monitor state

Question 22

What is the purpose of the Audit Manager role?

Answer 22

In addition to inherited permissions, the audit manager can also create authority documents, citations, policies, control objectives, and controls

Question 23

sn_audit.manager contains what roles?

Answer 23

sn_audit.user, sn_grc.manager

Question 24

sn_audit.user contains what roles?

Answer 24

sn_compliance.reader, sn_grc.reader, sn_grc.user

Question 25

An Audit User role can perform what actions?

Answer 25

Can be assigned audit tasks, create test templates, and test plans. Read only access to Risk Management, and Policy and Compliance apps

Question 26

What is the purpose of the Engagement Project Manager?

Answer 26

Audit lead that performs advanced planning and can handle plans or engagements

Question 27

sn_audit_advanced.engagement_project_manager contains what roles?

Answer 27

sn_audit.manager, resource_manager, it_project_manager

Question 28

sn_audit_activity extends what table and performs what function?

Answer 28

Extends Audit Task(sn_audit_task) and stores audit activities

Question 29

What table does sn_audit_task extend and what function does it perform?

Answer 29

Extends Planned Task table (planned_task) and is a generic table for all tasks associated with an audit

Question 30

What is the purpose of the sn_audit_base_test table?

Answer 30

Base table for Test Templates and Test Plans

Question 31

What is the purpose of the sn_audit_control_test and what table does it extend?

Answer 31

Extends sn_audit_task and stores control tests

Question 32

What are the objectives of the Audit Management application?

Answer 32

1. Ensure risks are properly identified and quantified
2. Implement controls to reduce risk
3. Controls are monitored for effectiveness
4. Remediate any deficiencies when found

Question 33

What are the four main sections of the Audit workspace for audit supervisors?

Answer 33

1. Overview: Provides the audit timeline and overview
2. Tracking: Provides a summary of audit tasks, issues, and observations
3. Open Audits: Provides details of open plan and engagement details
4. Tasks: Provides a summary of the logged in user’s tasks and the group’s tasks

Question 34

What are auditors responsible for?

Answer 34

1. Reviewing Policies and Procedures
2. Reviewing risks
3. Reviewing Control Design
4. Reviewing Control Test Design
5. Reviewing Control Test results
6. Test Controls
7. Issue Observations

Question 35

What are the Workspace Roles needed to use Audit Workspace?

Answer 35

Auditor sn_audit_ws.auditor contains role sn_audit.user

Audit Supervisor sn_audit_ws.supervisor contains roles sn_audit_ws.auditor and sn_audit.manager

Question 36

What role would be assigned to an external auditor so that they have limited access to the system but still be able to see the information needed to complete the audit?

Answer 36

sn_audit.external_auditor

Question 37

Some common groups created for Audit Management include?

Answer 37

Audit Administrators
Audit Managers
Internal Auditors
External Auditors

Question 38

What is an Internal Audit?

Answer 38

An Internal audit evaluates the effectiveness of an organization’s internal controls, risk mitigation, corporate governance, and accounting processes. Internal audit are conducted throughout the year and do not audit the same entity or line of business every single year.

Question 39

What is an External Audit?

Answer 39

External audit are either concerned with accuracy of business accounts and the organizations’s financial condition or, in some industries, the organization’s compliance with laws and regulations. External auditors typically conduct a single annual audit.