Audit observations

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Audit observations

    Audit observations are the documented results of an audit, capturing findings from reviews, analyses, interviews, and discussions. They highlight significant issues for audit managers and serve as a critical component of audit reports. These observations are based on evidence collected during activities such as control testing, interviews, and walkthroughs, and are recorded within the system.

    Show full answer Show less

    ServiceNow customers use audit observations to track issues related to audit engagements and tasks, enabling auditors to summarize problems, findings, and recommendations effectively.

    Audit Observation Lifecycle and Workflow

    Audit observations follow a defined lifecycle consisting of the states: Draft, Review, Respond, Finalize, and Closed. The workflow includes:

    • Creation: An audit user with the snaudit.user role creates an observation linked to an engagement or audit task, provided the engagement is not in Follow Up or Closed states.
    • Assignment: The creator assigns respondents (entity and control owners) and peer reviewers (auditors and audit leads).
    • Peer Review: The creator can request a peer review. Peer reviewers receive notifications and can access pending peer reviews under Audit > Observations > My Pending Peer Reviews. The observation remains in Draft state with a substate of Peer review requested during this process.
    • Review: The creator can request a review by an audit manager or audit lead. Reviewers are notified and access tasks under Audit > Observations > My Pending Reviews. They may request revisions, request responses from respondents, or provide feedback.
    • Response: If a response is requested, respondents address the observation via Audit > Observations > My Pending Response.
    • Finalization and Closure: After responses and reviews, the observation moves to Finalize, then Closed, at which point an issue is created.

    Practical Benefits for ServiceNow Customers

    • Enable structured tracking and management of audit observations throughout their lifecycle, ensuring clear accountability and progress.
    • Facilitate collaboration among auditors, respondents, and reviewers through notifications and designated task views.
    • Support audit teams in distinguishing between reportable issues, recommendations, and best practices for accurate reporting and follow-up.
    • Streamline the audit reporting process by integrating observation creation, review, response, and closure within the ServiceNow platform.

    Audit observations are the results of an audit. As an important part of the audit report, audit observations represent the results of reviews, analysis, interviews, and discussions.

    Audit observations are used to bring significant issues to the attention of audit managers. Observations are logged in the system. For example, if a bank's operations are being audited, then the audit observations are based on evidence about how the bank's operations perform against the audit criteria. During control testing, interviews, and walkthroughs, audit observations are recorded. An audit user can create an observation from an engagement if the engagement is not in the Follow Up or Closed states. An observation can also be created from all types of audit tasks.

    After the auditor completes the audit, the auditor then presents the audit observations to the audit managers. By using the audit observations, the auditor can present a summary of problems, discoveries, and recommendations. The audit team reviews the observations to determine if the observation is a reportable issue. The audit team can also determine if the observation can be tracked as a recommendation, an observation, or a best practice.

    In its life cycle, an audit observation moves through the following states:
    1. Draft
    2. Review
    3. Respond
    4. Finalize
    5. Closed
    The workflow of an observation is as follows:
    1. An audit user with the role sn_audit.user creates an observation.
    2. The observation creator assigns respondents and peer reviewers to the observation. The respondents are the entity owners and control owners. The peer reviewers are the auditors and audit leads of the engagement.
    3. The observation creator can request a peer review of the observation. In that case, the following then happens.
      1. The peer reviewer gets a notification to perform the peer review. The peer reviewer can view the task under Audit > Observations > My Pending Peer Reviews.
      2. The peer reviewer completes the review.
      Note:
      When a peer review is requested, the state remains as Draft but the substate changes to the Peer review requested substate.
    4. The observation creator can also request a review. The reviewer can be an audit manager or the audit lead.
      1. The reviewer gets a notification to perform the review. The reviewer can view the task under Audit > Observations > My Pending Reviews.
      2. The reviewer can either request a revision of the observation or request a response from the respondent. The reviewer can also provide feedback in the Results section by selecting the appropriate option.
    5. If the reviewer requested a response from the respondent, then the respondent responds to the observation by navigating to Audit > Observations > My Pending Response.
    6. The observation moves to the Finalize state.
    7. The observation is closed and an issue is created.
    Figure 1. Audit observations workflow
    The lifecycle of audit observation