Understanding Audit Management The Audit Management automates the work streams of internal audit teams, optimizing resources and productivity, and eliminating recurring audit findings. Audit Management uses compliance and risk data to scope, plan, and prioritize audit engagements. The on-going review of policies and procedures, risks, and control breakdowns provide an opportunity for fixing issues before they become audit failures. Who uses Audit Management? Auditors (an independent body, typically reporting to the board of directors) Key activities for Audit ManagementAuditors are responsible for the following: Review policies and procedures Review risks Review control design Review control test design Review control test results Test controls Issue observations Audit Management and the ServiceNow platform Activate Audit ManagementThe GRC: Audit Management (com.sn_audit) plugin is available as a separate subscription.Create an audit report templateAudit developers manage the audit report templates.Establish profile types, profile classes, and profilesThe Scoping module contains profiles and profile types for use in all GRC-related applications. They can be created for any record on any table. Only one profile can exist for a record. That profile, however, can belong to many profile types. Profile types and profiles are used differently depending on the application.Manage test templates and test plansAn audit engagement may include control testing activities during which controls are evaluated for design and operational effectiveness.Manage engagementsThe audit engagement process involves creating, planning, scoping, and conducting engagements as well as reporting on engagement findings.Manage GRC key risk and control indicatorsContinuous monitoring involves activities related to identifying and creating key risk and controls indicators. Supporting information can be collected for those indicators through automatic data collection or manual tasks. Indicator results are then used to create issues for controls, update risk scores, and provide supporting information for audit activities and control testing.Manage audit issues and remediationIssues can be created manually to document audit observations, remediations, or to accept any problems. They are automatically generated from indicator results, attestation results, or control test effectiveness.