Business rules installed with Audit Management

GRC: Audit Management adds the following business rules.

Business rule Tables Description
Add control to engagement Control

[sn_compliance_control]

Automatically relates a control to all engagements that are in the validate or fieldwork states and associate with the control profile
Add risk to engagement Risk

[sn_risk_risk]

Automatically relates a risk to all engagements that are in the validate or fieldwork states and associate with the risk profile
Add test plan to engagement Test Plan

[sn_audit_test_plan]

Automatically relates a test plan to all engagements that are in the validate or fieldwork states and associate with the test plan profile
Associate records when validated Engagement

[sn_audit_engagement]

Associates all risks, controls, and test plans associated with the profile when a profile is associated with an engagement in the Validate or Fieldwork states
Associate to engagement after scoped Profile to Engagement

[sn_audit_m2m_profile_engagement]

Associates all risks, controls, and test plans associated with an engagement scoped profiles when the engagement moves from the Scope state to the Validate state
Auto-approve if no approvers Engagement

[sn_audit_engagement]

If the Approvers field is empty, automatically moves an engagement from Awaiting Approval to Follow Up
Auto-close if no issues or tasks Engagement

[sn_audit_engagement]

If there are no open issues or tasks associated with the engagement, automatically moves an engagement from the Follow Up state to the Closed state
Check close incomplete Control Test

[sn_audit_control_test]

If a control test is Closed Incomplete, set the Control effectiveness field to none
Close Engagement
  • Audit Task [sn_audit_task]
  • Issue [sn_grc_issue]
If there are no longer any open audit tasks or issues, automatically closes an engagement in Follow up
Control Effectiveness Control Test

[sn_audit_control_test]

Updates the control effectiveness based on changes to the design or operation effectiveness
Create issue if test ineffective, closed Control Test

[sn_audit_control_test]

If a control test is closed as ineffective, create an issue
Disassociate records upon deletion Profile to Engagement

[sn_audit_m2m_profile_engagement]

Disassociates risks, controls, and test plans when a relationship between a profile and engagement is removed
Populate fields when Test plan changes Control Test

[sn_audit_control_test]

Updates the expectations, assessment procedures, duration, and control whenever a control test of a test plan changes
Prevent duplicate association Profile to Engagement

[sn_audit_m2m_profile_engagement]

Prevents duplicate many-to-many relationships between profiles and engagements
Prevent picking retired control
  • Control Test [sn_audit_control_test]
  • Test Plan [sn_audit_test_plan]
Prevents creating a control test or test plan against a retired control
Run approval workflow Engagement

[sn_audit_engagement]

Runs the approval workflow for engagements
Scratchpad to check active plugin Engagement

[sn_audit_engagement]

Sets scratchpad variables based on whether GRC: Risk Management, GRC: Policy and Compliance Management, and GRC: Profiles are installed
Set percent complete to 100 if no task Engagement

[sn_audit_engagement]

If the engagement is Closed Complete or Closed Incomplete with no tasks, set the percent complete of an engagement to 100
Set popup scratchpad Engagement

[sn_audit_engagement]

Sets scratchpad variables used to display dialogs
Set workbench display scratchpad Engagement

[sn_audit_engagement]

Set scratchpad variables used in the Engagement view
Start Control Test approval workflow Control Test

[sn_audit_control_test]

Runs the approval workflow for control tests
Update parent task percent complete Audit Task

[sn_audit_task]

Updates the parent task Percent complete when a child task is closed
Update planned end date
  • Audit Task [sn_audit_task]
  • Engagement [sn_audit_engagement]
Updates the End date of an engagement or audit task whenever the Duration changes
Validate start and end dates
  • Audit Task [sn_audit_task]
  • Engagement [sn_audit_engagement]
Validates that the planned start is before the planned end and that the actual start is before the actual end, and that the audit period start is before the audit period end
Validate task date with engagement date Audit Task

[sn_audit_task]

Validates that the planned start and planned end date of an audit task are within the time defined by the engagement planned start and planned end date. Similar validation is done for the actual work start and actual work end