Audit app permissions
Note
Access to the Roles & Permissions menu is currently limited to organizations using the Audit or Internal Controls apps.
Roles and permissions help organizations to enforce segregation of duties, maintain data integrity, improve security, and streamline workflows. As an administrator, you can assign specific roles to control user access to sensitive information.
Roles in Audit
The following table describes the roles in Audit:
| Role | Description | Required license |
|---|---|---|
| Head of Audit | Has full access to the Audit app, overseeing the entire Audit universe, including Audit risk assessment and the Audit plan. | Professional |
| Audit Manager | Can contribute to Audit risk assessments and Audit plans, taking ownership of the Audit fieldwork. | Professional |
| Auditor | Contributes to the Audit fieldwork and performs controls testing activities. | Professional |
| Audit QA | Has comprehensive read-only access to all functionalities within the Audit app. | Professional |
Permission details
The following table lists the permissions for each Audit role:
- Has permission
- No permission
| Object | Subgroup | Action | Role | |||
|---|---|---|---|---|---|---|
| Head of Audit | Audit Manager | Auditor | Audit QA | |||
| Auditable entity | Audit universe management | Define |
|
|
|
|
| Redefine |
|
|
|
|
||
| List |
|
|
|
|
||
| Main actions | View details |
|
|
|
|
|
| Edit |
|
|
|
|
||
| Assessment factor | Main actions | Add |
|
|
|
|
| List |
|
|
|
|
||
| Edit |
|
|
|
|
||
| Delete |
|
|
|
|
||
| Scales | Main action | Select |
|
|
|
|
| Audit risk assessment | Main actions | Add |
|
|
|
|
| List |
|
|
|
|
||
| View details |
|
|
|
|
||
| Delete |
|
|
|
|
||
| Configure |
|
|
|
|
||
| Score |
|
|
|
|
||
| Export |
|
|
|
|
||
| Manage conclusion | Add conclusion |
|
|
|
|
|
| Edit conclusion |
|
|
|
|
||
| Status management | Conclude |
|
|
|
|
|
| Mark as Completed |
|
|
|
|
||
| Revert to In progress |
|
|
|
|
||
| Prioritized auditable entity management | Add and remove auditable entity to priority list |
|
|
|
|
|
| Change priority rank |
|
|
|
|
||
| Add note |
|
|
|
|
||
| Edit note |
|
|
|
|
||
| Delete note |
|
|
|
|
||
| Audit Plan | Main actions | Add |
|
|
|
|
| List |
|
|
|
|
||
| View details |
|
|
|
|
||
| Edit details |
|
|
|
|
||
| Delete |
|
|
|
|
||
|
Export |
|
|
|
|
||
| Scope management | Generate audits |
|
|
|
|
|
| Include or exclude audit |
|
|
|
|
||
| Link or unlink audit risk assessment |
|
|
|
|
||
| Status management | Propose |
|
|
|
|
|
| Mark as approved |
|
|
|
|
||
| Launch |
|
|
|
|
||
| Close |
|
|
|
|
||
| Revert to draft |
|
|
|
|
||
| Audit | Main actions | Add |
|
|
|
|
| List |
|
|
|
|
||
| View details |
|
|
|
|
||
| Edit details |
|
|
|
|
||
| Delete |
|
|
|
|
||
| Scope management | Scope auditable entities |
|
|
|
|
|
| Status management | Move to planning |
|
|
|
|
|
| Set to In progress |
|
|
|
|
||
| Approve and close |
|
|
|
|
||
| Control test | Main actions | View detail |
|
|
|
|
| Edit details |
|
|
|
|
||
| Status management | Ready for testing |
|
|
|
|
|
| Start testing |
|
|
|
|
||
| Submit for approval |
|
|
|
|
||
| Approve |
|
|
|
|
||
| Decline |
|
|
|
|
||
| Reopen |
|
|
|
|
||
| Audit finding | Manage | Watch |
|
|
|
|
| Identify |
|
|
|
|
||
| Review actions |
|
|
|
|
||
View role details
-
From the left navigation pane of Platform home page, select Platform Settings, and then select Roles & Permissions.
-
On the Roles & Permissions page, from Audit, select the role name whose details you want to view.
-
On the role details page, view the following details:
-
The role type
-
Description of the role
-
A summary of the permissions
-
The list of assigned users
-
The list of assigned groups
-
Assign users to a role
-
On the Roles & Permissions page, under Audit, select the role name you want to assign users to. Depending on the role required, you must assign the following permissions for the Audit and Internal Controls apps:
-
Head of Audit Head of Audit (Audit) and Head of Internal controls (Internal Controls)
-
Audit manager Audit manager (Audit) and Controls Manager (Internal Controls)
-
Auditor Auditor (Audit) and Control Performer (Internal Controls)
-
Audit QA Audit QA (Audit) and Controls QA (Internal Controls)
Note
Only System Admins can assign the above permissions.
-
-
On the role details page, go to the Assign users tab, and then select + Assign users.
-
In the panel that appears, select the users you want to assign to the role, and then select + Assign users.
You must also assign the necessary Risk Manager assets to these users for these roles.
Assign assets to a user
-
From the left navigation pane of Platform home home page, select Platform Settings, and then select Users.
-
Select the Asset roles tab and select Assign.
-
From the Role dropdown menu, select Risk Manager.
-
Select Select users..., search for and select a user and select Assign.
Download the list of users
You can download the list of all assigned users of a role by selecting Export on the Assign users tab.
Unassign a role
-
On the Assign users tab, select the user whom you want to unassign.
-
Select Unassign.
-
In the confirmation dialog box, select Confirm.
Assign groups to a role
-
On the Roles & Permissions page, under Audit, select the role name you want to assign groups to.
-
On the role details page, go to the Assign groups tab, and then select + Assign groups.
-
In the panel that appears, select the groups you want to assign to the role, and then select + Assign groups.
