Evidence request workflow and users

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Evidence Request Workflow and Users

    The Evidence Request workflow allows customers to electronically obtain necessary information from first and second lines of defense, enabling individuals being audited to upload documents directly into the system. This process reduces manual processing time significantly.

    Show full answer Show less

    Key Features

    • Evidence Request Initiation: An audit user with the snaudit.user role can request evidence for themselves or on behalf of another user.
    • Task Management: Requesters can cancel evidence tasks in Draft state and until they reach Review state.
    • Evidence Collection Records: Must be created to include instructions and assignment details before requesting evidence.
    • Confidentiality: Only the assigned user can view the request, ensuring privacy throughout the process.
    • Approval Workflow: Assignees can attach evidence or provide URLs. Approvers can review and either approve the evidence or request revisions.

    Key Outcomes

    Upon receiving approved evidence, the requester can review and choose to accept it, request further details, or cancel the request. Closing the request occurs once all tasks are accepted. Each role within the workflow has specific responsibilities to ensure efficient auditing and compliance management.

    • Internal Auditors: Perform audits, review findings, and monitor audit activities.
    • Compliance and Audit Managers: Request and review evidence and findings.
    • Compliance Users and Control Owners: Ensure controls are implemented and provide requested evidence.

    Evidence request helps customers to electronically request the information that they need from the first and second line of defense. The individuals being audited can then immediately upload their documents to the system, significantly reducing manual processing time.

    The evidence request workflow is as follows:
    1. An audit user with the sn_audit.user role requests evidence and assigns the request to another user. This requester can either request the evidence for themselves or raise a request on behalf of another audit user or GRC user. If the requester determines that an evidence task has been created erroneously, then the requester can cancel that particular evidence task. The ability to cancel the evidence request is available when the request is in Draft state. A requester can cancel the evidence request tasks any time until the tasks reach the Review state.
    2. After you create an evidence request, you must create evidence collection records and then the requester must request evidence. Evidence Collection records contain the evidence collection instructions, assigned to, and assignment group. On clicking Request Evidence, evidence request tasks are generated and they are assigned to a group or user.
    3. The assignee then receives an email with the link to provide the requested evidence.
      Note:
      If the requester changes the assignee after requesting evidence, then the original assignee can no longer view the request. Only the person who is assigned the request can view the request. This feature ensures confidentiality.
    4. The assignee can either attach the requested evidence or provide a URL or location that contains the required evidence.
    5. The assignee can also add an approver for verifying and approving the evidence. Adding approvers is necessary if the evidence is sensitive and confidential in nature.
    6. The approver can then review the evidence and either approve it, request revision, or request further details about the evidence.
    7. If the approver approves the evidence, the requester receives the evidence and can process it further.
    8. The requester can then review the evidence and do one of the following:
      • accept the evidence.
      • request for its review.
      • request further details about the evidence.
      • cancel the evidence request if it is not required anymore.
      • delete the request.
    9. If the requester accepts all the evidence tasks, the request is closed.
    The evidence request workflow is shown in the following figure:Workflow of evidence request
    The following table describes the roles and their responsibilities during the evidence request workflow:
    Table 1. Evidence request users, responsibilities, and requirements
    User Responsibilities Requirements
    Internal auditor
    • Perform audit testing.
    • Request audit testing.
    • Review all audit findings and the evidence collected.
    • Visibility into compliance and risk activity.
    • A job queue (pending, current, upcoming) to plan their team efforts.
    • Track and monitor audit findings.
    • Track and monitor audit activities.
    Compliance manager, Audit manager
    • Can request evidence.
    • Request compliance test evidence.
    • Review all findings and evidence collected.
    • Visibility into compliance activities.
    • A job queue (pending, current, upcoming) to plan their team efforts.
    • Track and monitor compliance findings.
    Compliance user, Control owner
    • Ensure that the controls are implemented.
    • Attest to the controls.
    • Test the controls.
    • Provide audit evidence requested by the auditor.
    • A job queue to direct their day-to-day activities.
    • Track the time spent and performance of activities and tasks they own.
    • Ensures the task they own and additional request from the auditor is fulfilled.