How-to
Preparing for an audit
Tracking scope, lead auditors, findings, and the control each finding targets.
Create an Audit entry for any internal or external audit. Capture scope, lead auditor, start/end dates, and (optionally) the framework it covers.
Findings attach to the parent audit. Each finding has severity, status, root cause, recommendation, remediation plan, and a responsible owner. Critically, a finding can point at the specific control it relates to — when tracking remediation, that link means the fix is anchored to the control that failed and is visible from the Controls library too.
Track open findings to closure in one place rather than spreading them across emails and spreadsheets.
When the auditor asks "show me your control testing history for Q2", point them at the control-testing export under Reports.