Audits
      Back to home
      1. Knowledge Center
      2. Audits

      How to Create an Audit

      Follow these steps to create a new audit in The Ostendio Platform.

      To create a new Audit:

      1. Click the Add New Audit button on the top right-hand side of the Audits Module homepage or add a new audit by simply clicking the + button on the top bar of the page within the Ostendio platform and select Audits.

      2. Next, add the name of the audit, an audit number (Optional), and set the priority for the audit.

      3. While the description field is optional, we strongly recommend using this space to provide a list of instructions to the Audit Task Owner(s), such as:

      • Links to the information sources (such as system urls or even direct links to the dashboards containing the information to review)
      • What data points to look for
      • What to do if you find a discrepancy or non-compliant issue

      4. In addition, decide if you want this task to be public or private (The Ostendio Platform defaults to public).

      5. Task Settings allows you to customize the frequency and the display settings of your task.

        • Task Scheme lets you choose whether to create a single collective audit task or  several individual audit tasks, i.e.:
            • A single Collective task for all items: This will create a single audit task that encompasses all the audit items.
              • For example, if the same person is responsible for performing the review of the access controls for all 5 of the systems that need to be reviewed every quarter, then a single collective audit task will enable that person to make a single submission including the review results for all systems. 
            • An Individual task per item: This will create separate audit tasks for each owner of each audit item. 
              • For example, if John, Mary, Sally and Bob are the responsible owners of their own systems, this would mean:
                • John is the admin responsible for access control on the AWS back-end
                • Mary is the admin responsible for Gusto
                • Sally is the admin responsible for the Jira and ServiceNow hubs
                • Bob is the admin for the Knowbe4 content
              • When creating a quarterly review of access controls to the AWS, Gusto, Jira and Knowbe4 items, the individual task per item setting will create 4 separate audit tasks, i.e. a separate task for:
                • John to review the access control list (ACL) for AWS users
                • Mary to review the ACL for Gusto users
                • Sally to review the ACL for Jira and ServiceNow users
                • Bob to review the ACL for Knowbe4 users

        • Task Owner designates who will be responsible for carrying out the task:
            • For a Single Item Task, The Ostendio Platform allows you to designate who will be the person responsible for carrying out an audit task.
            • In a Multiple Item Task Stack, the audit task will automatically be assigned to whoever is listed as the owner of the object within The Ostendio Platform.
        • Task Frequency and Interval allows you to indicate the frequency of your audit tasks. Note: This setting can now be changed in the future after the audit has been saved.
          • One Time – the audit task will occur only once.
          • Daily – every [number] day
          • Weekly – Weekly every [number] weeks on [day of the week].
          • Monthly – every [number] months on the [date of month].
          • Yearly – every [number] year on [month].
          • Calendar-Quarter – every [number] quarter on the [first day] or [last day] of the quarter.
        • Task Schedule Type will be determined based on Task frequency and Task interval combination 90chosen – Fixed Cycle or Running Cycle.
          • A Fixed Cycle means that the audit task needs to be performed on/before the exact date within your established frequency (i.e. 1st of the month every month).
          • A Running Cycle means that the audit task needs to be performed at an established frequency from the date that the audit task was last completed (i.e. every 3 months after it was last completed).
        • Audit ends determines how long the audit will run.
          • Never – audit will run interminably.
          • End by – indicates the last day for when the task no longer needs to be completed.
          • After – a field to populate the number of cycles the audit is required to run.
        • Audit begins on – this is the date Ostendio will begin tracking the audit schedule.
        • Task first due date – this is the date the first task submission will be due, regardless of task settings.  After the first submission has been completed, The Ostendio Platform will follow the schedule outlined by the Interval settings.
        • Once the Task first due date is chosen, you will have the option to Show upcoming task due dates.  These dates will show on the right-side panel.

        • Select if the electronic signature is required for submission.
        • Select if late submission is allowed – if this is not checked, once the due date of the task cycle passes without a completed audit task, the audit task will be non-compliant until the next task cycle.
        • Select if multiple submission is allowed.

      6. Certification Text is where you provide the text that your users will use to either certify compliance (no issues found) or non-compliance (issues found with audit) with their submission.  The Ostendio Platform will now have default certification language or allow for custom language.

      7. Audit items – here you will add the items that the audit will run against.  You can add items from multiple sources, i.e., Document, Asset, etc.  You can also do a general audit where there is no specific item that needs to be added.

      8. Access Control designates who is the owner of the Audit task, as well as its custodians and consumers. Audit owners are responsible for delegating a task to owners (task owners can be changed under Task Settings):

        • Owners are responsible for delegating an audit task, either to others or potentially to oneself, and can modify the audit task within The Ostendio Platform. The owner will be notified when the audit task has been carried out.
        • Custodians of an audit have all the same permissions as the audit task owner and are also not necessarily responsible for carrying out an audit task. They have the ability to make changes to the audit task but will not be notified when a task has been completed.
        • Consumers can only view the audit task and have no control to make any changes to an audit task in addition to not necessarily being the person(s) responsible for carrying out the task.

      9. On the side right-panel, assign any collection items you would like the audit task to be associated with as well as any relevant tags and attachments.

      10. Click Add new audit at the top right to save your audit.

      In your audit overview page, you can still modify all aspects of your audit task, review audit submissions, and monitor all activity around your audit.