Create an observation for an engagement

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read

    • Create an audit observation to present a summary of problems, discoveries, and recommendations. The audit team can then review the observations to determine if the observation is a reportable issue.

    Before you begin

    Role required: sn_audit.manager, sn_audit_ws.supervisor, sn_audit.user, sn_audit_ws.auditor

    Procedure

    1. Navigate to All > Audit > Audit Workspace.
    2. Select the lists icon (List icon).
    3. Select All engagements in the Execution list.
    4. Select the link to the engagement record in the Name column.
    5. Select the Observations tab.
    6. Select New.
    7. On the form, fill in the fields.
      Table 1. Create New Observation form
      Field Description
      Number Unique identification number.
      Name Name of the observation.
      Engagement Engagement associated with this observation.
      Source Source or origin of the observation.
      Issue type Reason for creating the observation. The choices are:
      • Control design effectiveness failure
      • Control operative effectiveness failure
      • Control does not exist
      • Control doesn’t meet requirement
      • Other observation
      State State of the observation.
      Substate Substate of the observation.
      Priority Priority of the observation. Choices are:
      • 1 — Critical
      • 2 — High
      • 3 — Moderate
      • 4 — Low
      Description Detailed description of the observation.
      Action plan Plan for resolving the resulting issue.
      Assignment
      Owner User who creates and is responsible for the observation.
      Peer reviewer One of the auditors responsible for peer review.
      Respondent User responsible for completion of the action plan.

      Respondent can be the owner of the entity or control associated with the parent engagement.
      Reviewer group Group assigned to review the observation.
      Reviewer User responsible for reviewing the observation.
      Watch list Users interested in following updates to the observation.
      Details
      Control Control associated with the observation.
      Control Objective Control objective associated with the observation.
      Entity Entity associated with the observation.
      Audit task Audit task associated with the observation.
      Results
      Result Result of the observation. The choices are as follows:
      • Track as an observation
      • Track as a recommendation
      • Track as a best practice
      • Confirmed as a new issue
      • Confirmed as an existing issue
      • No action required
      Explanation Explanation for the selected result.
      Activity
      Work notes (Private) Notes about the observation. Work notes are visible to users who are assigned to the observation.
      Additional comments Public information about the observation.
      Security
      Confidential Option to enable confidentiality of the record. Only the assigned confidential users or confidential groups of users can access the record.
      Confidentiality flag to control access of audit records

      You can set the confidentiality flag at the record level for an issue, engagement, observation, control test, activity, interview, and walkthrough records. The users whom you determine to view and update these records are confidential users.

      When the Confidentiality option is selected, a list of users who can be an engagement lead, auditors, and approvers are auto-populated as Confidential users.

      You can add more audit users or GRC business users to the list or remove some of the existing users based on your access control criteria and can set them as confidential users.

      Additionally, you can also add random users to the record, who are neither audit users nor GRC business users. However, an email notification is sent to all confidential users who have neither an audit user nor a GRC business user role intimating them to acquire the confidential role (sn_grc.confidential_user) from the admin if they are to access the record.

      You can also select groups as Confidential groups who can access the record as well. For more information, see Confidential records in GRC common features.

      To enable the Confidentiality property at the system level:
      1. Navigate to System Properties > All Properties.
      2. Select sn_grc.enable_record_confidentiality system property.
      3. Enter true in the Value field. This action enables record level confidentiality.
      4. Select Update.
    8. Select Save.
      You can monitor the state of the observation record in the State banner of the default Overview page as the record progresses through the different states.