In relation to GDPR, an Audit can be a quality assurance of the company’s compliance. Audits can be divided into two different parts, and you can perform internal audits and external audits. The regulation does not require any internal or external audit, and it is therefore voluntary for the company to carry out audits. Conducting an audit is a good way to check the work carried out in the process to be able to say that the basis for complying with the requirements of the Regulation is met.
For some companies, it may be relevant to have an external audit of e.g., their GDPR compliance. This can be done by an accountant or an external DPO/GDPR specialist. Such external audits may result in statements that can be used as a guarantee to data controllers and the outside world in general that the company has implemented the Regulation correctly. Examples include ISO certifications and ISAE 3000.
Overview of audits
To access the audit module, click on “Audits” (1) in the menu bar on the left. When you click here, you will access the audit module, which may look like this:
2. To create a new audit, click here. By clicking here, you will open a longer form. You can read more about filling out this form further down.
3. By clicking on this icon, you access the individual audit and get access to view the content of that audit.
4. This icon is a function menu. Clicking on the icon will open a tab with the following actions: copy, edit, archive, and delete. By pressing edit, you will open the same form as when you create a new audit. The copy function can be particularly relevant when you want to check what has been prepared in an audit, after which you will be able to review and have your audit audited.
5. Here you can get an overview of the various audits created in the portal. In this example, you can see the title, the status of the various audits and when they were created. Next to each column, you will see arrows. These arrows allow you to set the order in which your audits should be sorted. This allows you to choose to view your audits by time, and by clicking on the arrows next to “created” you can sort whether you want to see the newest or oldest first. By clicking on the funnel icons, you open an advanced search function where it is possible to enter a keyword. It is possible to edit the order of the different columns by clicking on a heading and dragging it to the right or left, depending on where you want it to be. You can sort in which columns you want to appear in your overview. You do this under point 7 in the picture.
6. Here you can choose whether you want to view the active or the archived audits. The default setting will be the active audits.
7. Here you can choose which columns to display in your overview of your audits. By default, all available columns are turned on, but you can choose to turn some off if you don’t want them to appear in your view.
8. When you click here, you can create an audit based on a template. Which templates you can use depends on your agreement with GapSolutions. If you want to create your own templates, this is done by creating an audit, which you can call “template… “, after which you can copy it in the overview when you want to create an audit based on your own template.
Create an audit
When you click on “create” (item 2 in the image above), you will open this form:
- Here you need to give the audit a title.
- When you click on this field, you can choose the status of your audit. You can choose whether your audit is “completed”, “ongoing” or “not started”. The status you choose for your audit will appear in the overview.
- Here you need to provide a description of the audit that you are creating.
- In this field, set the default status setting for the various elements of your audit. You can always manually change the status, and this is only the setup for the default setting.
- Here you can edit and add various statuses by clicking on the small dark blue icon with a plus. When you click the icon, fill in the name of the status you want to create, and then choose which color you want that status to reflect in.
Create goals in your audit
Once you have created an audit, you must subsequently create your audit goals inside your audit. To enter your audit, click here:
When you click here, you will enter your audit. In the example below, an audit is shown where audit goals have already been created. If you haven’t created audit goals in the audit yet, it will appear blank and all you will see is the description and option to create goals.
- The form you open when you click here is the one you filled out when you created your audit. You can therefore read more about the different fields in the guide above.
- The text in this field is the text you entered as a description for your audit. It is an overall description for your entire audit and can be accessed and corrected by clicking on the icon in section 1.
- To create audit goals, click here. By clicking here, you will open a window with a form. You can read more about how to fill this out below:
- By clicking on this bar, you unfold the fields that you can see in points 2 and 3. Here you can access a variety of settings, including general settings and settings for what can be corrected in your audit goals.
- In general settings, you can choose to turn the following on or off: “Heading”, “General reports”, and “Shown on dashboard”. The heading function should be used if you are creating a header for your section. This will cause the text to become bold. If you choose to turn on “General reports”, a field will be created at the bottom of the audit where you can select “General reports”. This will make it possible, for example, to retrieve a summary of your entire audit. Finally, “Shown on dashboard” determines whether the status of the audit goal you are creating should be displayed in the dashboard that will be created for your audit. It will be discussed in more detail below how to work with, among other things, the dashboard.
- In these fields, you can choose whether a number of different elements should be editable for the users who have access to your audit. Access is granted to correct when the icon is green, conversely, the field cannot be corrected if the icon is gray.
- Here you should give your audit goal a title.
- In this field, enter the status of the audit goal that you want to create. The different choices you are given will default to “Not started”, “Ongoing” and “Completed”. You have the option to add other statuses yourself by accessing settings for your audit. You can read more about this above in this guide under “Create Audit” and item no. 5. The statuses you create overall in your audit will follow each audit goal. For example, if you create a headline, you can create a status called “Headline” so that when you look at your audit goals, you will see that these are just headlines, so the other status choices are not relevant to this audit goal. Conversely, you can also choose to give a heading a status that reflects the status of the entire category that you created under that heading. How you choose to use the status feature is up to you.
- In this field, enter a description of the audit goal. Often a legal text is indicated here, or a description of what the goal requires. If you want to create a more detailed explanation of what it takes to comply with these requirements, you can, for example, enable “guide” in settings, and use it to describe how the audit goal can be met.
Working with audit goals
Once you’ve created your audit goal, your audit is ready to be prepared. Below it will be described how you can use the module to carry out your audit goal.
- Here you can see an example of a headline. The text is bold because the settings for the audit goal have been selected as a “Heading”. You can click on this audit goal and read a detailed description of this category’s goals.
- This is an audit goal created under the heading above. When working with the audit goal, you can click here, which will open information about the audit goal as well as the opportunity to fill in the necessary documentation. This will be described in more detail below.
- On the right side, as in the point here, you can get an overview of the status of the various audit goals. In the example here, there has been created a status called “header”. You can also choose to use the default statuses or create others and use the status function to give an overall overview of the overall category. The status shown here is determined by what it’s set for, either by default or because the status has been updated.
Below, you can see an example of how to work with an audit goal. The example is based on the audit goal showed in item no. 2 in the image above.
- These fields are the same as when you created your audit goal and are described further up in this guide.
- This field is a text field where documentation of how the audit goal is being met can be filled in.
- Here you will be able to see the added elements to the audit goal that document how the audit goal is met, if any elements have been added. Elements can be added below in point 4.
- In this field, various elements can be added that, in one way or another, can document how an audit goal is met. For example, it may be that you have an audit goal that consists of inspections of data processors, and you document this by adding data processing inspections as documentation for meeting this goal. To add items, click on the “add” field and you will be able to choose from a wide range of categories, such as work processes and security measures, etc. Once you have selected the category, a new field will appear. For example, if you selected “work processes,” you will get a field where you can choose from all the work processes you have created in the portal. When adding elements as documentation for your audit goals, the documentation will automatically update when updating the element that’s added to the audit goal. When you use the field in section 3 for documentation, you must update this yourself.
If you add a workprocess or any other element to the audit goal, the form will automatically generate another field called “reports”. Here you can generate and complete your audit goal with a report. You can choose what the report should be based on – for example, it may be a legal basis for which you want a report.
Other audit functions
When you access an audit, in addition to what is described above, you will have a few functions on the right side. These can be seen in the picture below:
- By clicking this icon, you can edit settings for the dashboard created for each audit.
- This icon is tasks. Here you can view any tasks created and create new tasks.
- When you need to send your audit to recipients, it is done via this icon.
- By clicking here, you will open the dashboard for your audit.
- Here you can export your audit. When you click here, you create an Excel file with your audit, which is downloaded to your computer.
For each audit you create, a Dashboard is created to help create an overview of your Audit. You access the setup for your Dashboard by clicking on the icon shown under point 1 in the image above. When you open the settings of your Dashboard, it will look like this:
- In this field, you control what you want to display in your Dashboard.
- Using these two buttons, you can choose to turn on all items so that they appear in your Dashboard or turn all off.
- These icons express whether an item appears in your Dashboard. When turned on, the icon appears dark blue, while it appears gray when turned off. Here you can select the individual items that you want to appear in your Dashboard by turning them on or off.
- This part of the settings does not relate to what you see in your Dashboard, but to what you want to see or not to see in your audit. When you open the option, all fields will be blank, and this means that the system will “ignore” them. This means that the different elements are shown if it’s the default setting, and not shown, if that’s the default setting. If you click next to an item once, you’ll get a check mark in the box. This means that you want to enable this point and have it appear in your audit goals. If you click twice on a field, there will be a cross. The cross indicates that you have disabled the function and will not see it appear in your audit objectives.
When you click on “Dashboard” in the menu bar on the right of your Audit, it might look like this:
- Here you can get an overview of the status of the various audit goals. In the example here, default status settings have been applied, but if you have added other statuses with other colors, these will be reflected in your Dashboard.
- Here you can get a closer insight into the status of the different audit goals you have created in your audit. The bar reflects the different statuses based on their colors, but if you want more insight into which audit goals have which status, you can click on the bar. When you click on the bar, you will open an overview showing all audit goals divided into “Not Started”, “Ongoing” and “Completed”. Here it is possible to access the individual audit goals, complete them and change their status.
- This bar indicates the amount of audit goals where documentation is missing. As with the status, you can click on the bar, after which you can see which audit goals are missing documentation.
The dashboard can have multiple or different bars. This depends on which setup you selected during setup of the Dashboard.
Tasks and send Audit
In the Audit module, you can create and send tasks to your users in the portal. This is done by clicking on the task icon, which is explained further up. When you click on the icon, you will open a window that may look like this:
- Here you can create a new task. Clicking “create” will open a window with a form. In the form, give the task a title, describe the task, and add recipients of the task you’re creating.
- Here you can see the tasks created in the audit. If you have many, it is possible to sort the overview of them by clicking on the arrows to the right of the “title”. By default, the tasks are displayed in alphabetical order, but by clicking the arrows twice, it is possible to display the tasks in reverse alphabetical order.
- Here you can access a task and edit the task. When you click here, the same window opens as when you create a new task.
- Here you can delete a task.
When you want to send an audit to users in the portal, this is done by clicking on the icon that comes after the task icon on the right side of the top menu of your audit. When you click on the icon, you will open a window that may look like this:
- Here you can create new recipients. When you click here, a longer form will open, which will be reviewed below.
- If you have created recipients in your audit, you will be able to see their name and email in this overview. You can sort in alphabetical order by using the arrows to the right of name and email.
When you want to create a new recipient, the form you need to fill out will look like this:
- Here you need to enter some information, on the recipient you want to create. You will need to enter a name as well as email. In addition, you must select the language in which the recipient will access the audit.
- Under settings, set which elements of the audit objectives the recipient can see and edit.
- Finally, you must choose which sections from your audit you want to send to the recipient. In the right corner of the field, you can select all if you want to send all. In addition, next to each section, you can choose whether to send it or not to send. Please note that if you send multiple sections at once, the settings you have made in section 2 will apply to all sections that you send.