Define a GRC audit requirement - Legacy

Audit Requirements can be defined to create a relationship between the audit and authoritative source content, allowing auditors to determine whether the audit is in compliance with particular sections of regulation or policy.

  1. Navigate to GRC > Audit Definitions.
  2. Click Edit in the Requirements related list and add authoritative source content.
  3. After you add the audit requirements to the list, click Edit in the Control Test Definitions related list and add a definition to associate with the control test.
    After the audit requirements are associated with the audit definition, these requirements create Requirements records associated to each audit instance generated. The Requirements form has the following fields:
    Table 1. Audit Requirements
    Field Input Value
    Number A number identifier for the requirement.
    Requirement A reference to the Authoritative Source Content which contains the original source of this requirement.
    Name The name field from the Authoritative Source Content record.
    Type The type field from the Authoritative Source Content record.
    Authoritative Source The authoritative source field from the Authoritative Source Content record.
    Control test definition The control test associated with the requirement.
    Supporting control test The control test instance whose results are either compliant or not compliant with this requirement.
    Compliant A check box to record whether the audited subject is compliant with this requirement.
    State The state field from task.
    Assignment group A group assigned to assess the requirements.
    Assigned to A user assigned to assess the requirements.