Auditable Unit with Risk and control
05-19-2025 05:05 PM
Hi Community,
We have a requirement where the client wants to perform Assurance activity before creating an Engagement.
We are looking to see if there's an OOB relationship between Auditable Unit, Risk and Control.
Thanks,
Bhanu
05-19-2025 11:33 PM
Hi Bhanu,
Yes, there are OOB relationships between "Auditable Unit -> Risk" and "Risk -> Control". But there is no direct OOB table or relationship that explicitly connects "Auditable Unit -> Control", unless you derive it through risk.
If your client wants to perform Assurance activities before creating Engagements, here’s a typical process you could implement using existing relationships:
- Identify Risks and Controls linked to the selected Auditable Unit.
- Perform Assurance (e.g., via a Risk Assessment or Control Test).
- Create Engagement only if Assurance is passed or complete.
As far as I know, I can recommend the approach below:
- Use Audit Workspace, Policy and Compliance, or GRC Workflows to create Assurance tasks/records.
- Build a UI Action or Flow that:
a. Queries the risks and controls linked to the Auditable Unit.
b. Validates whether assurance has been performed (e.g., check assurance_status or assessment_result fields).
c. Only then allows creation of the Engagement record (grc_engagement).
Request you to mark this as helpful!
Regards,
Madhuri
05-20-2025 05:46 PM
Hi Madhuri,
Thanks for the response.
Could you please let me know if there is any plugin that needs to be activated for this relationship between Auditable Unit and Risk records, because I cannot find any related list in my PDI for the same.
Thanks,
Bhanu
05-21-2025 01:44 AM
First, figure out which Risks and Controls are connected to the Auditable Unit you're focusing on. Then, you'd perform your assurance activity – this could be something like a Risk Assessment or a Control Test. The idea is to only move forward and create the Engagement once that assurance step is completed or has passed.
For the actual "how-to," you could definitely use the Audit Workspace, Policy and Compliance module, or even standard GRC Workflows to manage those assurance tasks. Then, you could build a simple UI Action or a Flow. This would essentially:
- Look up all the risks and controls tied to your chosen Auditable Unit.
- Check to see if the assurance activity for those items has been done (maybe by looking at a field like assurance_status or assessment_result).
- Only then would it allow someone to create the grc_engagement record.
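
The gate described in this thread, as an added example that is not part of the original posts and not ServiceNow's own code: plain JavaScript over constructed in-memory records, where a real UI Action or Flow would query the platform tables instead. Record shapes, ids and status values are assumptions (only `assurance_status` comes from the thread), and treating a unit with no linked risks or a risk with no linked controls as a blocker is a design choice of this example.

```javascript
// Constructed sample data standing in for platform queries; record shapes,
// ids and status values are assumptions, not the product's schema.
const riskLinks = [            // Auditable Unit -> Risk
  { unit: 'AU-1', risk: 'R-1' }, { unit: 'AU-1', risk: 'R-2' },
  { unit: 'AU-2', risk: 'R-3' }, { unit: 'AU-3', risk: 'R-4' },
];
const controlLinks = [         // Risk -> Control (no direct unit -> control link)
  { risk: 'R-1', control: 'C-1' }, { risk: 'R-2', control: 'C-1' },
  { risk: 'R-2', control: 'C-2' }, { risk: 'R-3', control: 'C-3' },
];
// Keyed by record id; the value plays the role of assurance_status.
const assurance = {
  'R-1': 'passed', 'R-2': 'complete', 'R-3': 'passed',
  'C-1': 'passed', 'C-2': 'complete', 'C-3': 'failed',
};
const DONE = new Set(['passed', 'complete']); // "passed or complete" per the thread

// Returns { allowed, blockers }; blockers lists every reason to refuse.
function canCreateEngagement(unit) {
  const blockers = [];
  const risks = riskLinks.filter(l => l.unit === unit).map(l => l.risk);
  // An empty set must fail explicitly: a check written as
  // risks.every(...) is true for [], which would pass an unscoped unit.
  if (risks.length === 0) blockers.push(`${unit}: no linked risks`);
  const controls = new Set();  // de-duplicate controls shared by several risks
  for (const risk of risks) {
    const linked = controlLinks.filter(l => l.risk === risk);
    if (linked.length === 0) blockers.push(`${risk}: no linked controls`);
    linked.forEach(l => controls.add(l.control));
  }
  for (const id of [...risks, ...controls]) {
    const status = assurance[id];          // undefined means never assessed
    if (!DONE.has(status)) blockers.push(`${id}: assurance ${status || 'missing'}`);
  }
  return { allowed: blockers.length === 0, blockers };
}

for (const unit of ['AU-1', 'AU-2', 'AU-3', 'AU-4']) {
  console.log(unit, JSON.stringify(canCreateEngagement(unit)));
}
```

Returning the blocker list rather than a bare boolean lets the UI Action or Flow tell the auditor which risk or control still needs assurance.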