Auditor Access for Compliance records
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-12-2024 07:19 AM
Hello,
As part of an internal audit, We would like to give access to auditors only to specific records from controls and indicators. What are the options to avoid giving them access to all GRC records please?
Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-13-2024 10:00 PM
Hi @jaikellaila ,
We have dedicated role available for the Auditors :
sn_audit_ws.auditor, sn_audit.user
The following table lists the key tasks that you can perform in your role as an auditor.
| Activity | Task |
|---|---|
| Examine records, reports, operating practices, and documentation to ensure compliance with internal controls. | Update an assigned control test. |
| Create test plans to document control testing procedure. | Create a test plan. |
| Coordinate walkthroughs and interviews for assessing internal control processes. | Update other assigned audit tasks. |
| Request and review evidence for control implementation. | Request evidence for audit tasks. |
| Comply with federal, state, and local security legal requirements. | Create an observation for an audit task assigned to an auditor. |
Now, if you still want to restrict them, you would certainly have to go down the ACL route . Depending on the length of the audit engagement, perhaps you could shift things around.
