Evidence request is used by audit and compliance teams for requesting supporting
documents during an audit. Auditors and compliance teams require these documents from the first
line of defense.
Evidence is all the information used by an auditor in determining the audit opinion. Evidence
includes the information contained in the accounting records underlying the financial statements
and other information. Evidence is cumulative in nature. It includes evidence obtained from audit
procedures performed during the audit. Evidence may also include audit evidence obtained from
other sources such as, previous audits.
An evidence request is frequently introduced during the audit preparation or planning phase
after the audit announcement. The documents requested are used by the audit team to understand
the in-scope controls and processes, and to begin fieldwork testing. As an audit progresses
through various stages, the audit team frequently adds new requests to the list. The compliance
teams use the collected evidence for control testing.
Starting with GRC Advanced Core version 11.0.3, unplanned evidence request is supported by the
Audit Management and
Policy and Compliance Management applications in the following
ways.
- Evidence can be requested from an engagement and all audit tables. To understand how to
request evidence, see Request evidence.
- Compliance teams can request evidence from control owners, business stakeholders, and
process owners.
- Audit teams can request evidence from control owners, business stakeholders, process
owners, and compliance teams.
- Assigned users can provide evidence directly from the Service Portal.
- Managers can approve evidence requests based on various criteria, such as confidentiality
and criticality.
- Improved communication channels between requesters and assignees streamline the approval
process.
- Improved confidentiality constraints prevent unauthorized persons from viewing request
information.
