Workflows and compliance assessment types
Workflows define the components available in a compliance assessment or framework and compliance assessment types define the structure of a compliance assessment or framework, including the terminology used in the compliance assessment or framework.
What are workflows?
Workflows define the components available in a compliance assessment or framework. When choosing a workflow, you should consider:
- the type of compliance assessment or framework you want to create
- whether the compliance assessment or framework is simple or complex
There are two workflows available in the Compliance Workspace app:
|Appropriate for straight-forward compliance assessments and frameworks, which consist of a set of steps or procedures that the assurance team will execute, and the documentation of the outcome of each step||Workplan workflow|
|Internal Control||Appropriate for more complex types of compliance assessments and frameworks, where narratives are defined, walkthroughs are performed to verify control design, and tests are performed to verify the operating effectiveness of controls||Internal Control workflow|
What are compliance assessment types?
Compliance assessment types define the structure of a compliance assessment or framework, including the terminology used in the compliance assessment or framework. The default terms used in the Compliance Workspace app are dependent upon the compliance assessment type that you select.
You can customize the terminology used in compliance assessment types, modify the existing compliance assessment types available in the Compliance Workspace app, or create new compliance assessment types.
For more information, see Customizing terms, fields, and notifications.
Default compliance assessment types
The default compliance assessment types are categorized by the workflows available in the Compliance Workspace app:
|Workflow||Compliance assessment type||Description|
|Workplan||Compliance Investigation / Examination||Audits of regulatory or legal compliance|
|Internal Audit (Operational)||Internal audits where risks are tested by identifying and executing audit procedures|
|Other Project / Audit||All other types of audits|
|Revenue Assurance Audit||Review of licensing / royalty compliance|
|Training||A compliance assessment type used for training purposes|
|Internal Control||Business Process Review||Review of operational or business processes|
|Internal Audit (Financial & Internal Control)||Internal audits where risks are addressed by identifying and testing controls|
|Operational Risk Assessment||Assess your organization's objectives, related process-level risks and controls|
|Pandemic Risk & Response Management||Manage and execute your organization's pandemic response plan|
|Sarbanes-Oxley Review||Review of internal controls for SOX compliance|
|SOC/SSAE 16/ISAE 3402 Audit||Service auditor's examinations of internal controls|
Updating compliance assessment types
If you update terms and configure fields within a compliance assessment type, the changes are applied to all active compliance assessments, archived compliance assessments, temporarily deleted compliance assessments, and frameworks associated with the compliance assessment type.
For more information, see Why data in your compliance assessment or framework has changed.
Changing compliance assessment types
You can only change the compliance assessment type of a compliance assessment or framework to a compliance assessment type that belongs to the same workflow (Internal Control or Workplan).
Changing the compliance assessment type permanently removes data associated with the following items:
- assessment drivers
- custom risk scoring factors
- custom date fields
- custom attributes
Once removed, you are not able to restore any of these items.
Disabling or deleting compliance assessment types
If you don't want to use a compliance assessment type anymore, you can disable or delete it.
If the compliance assessment type is associated with active, archived, or temporarily compliance assessments, or frameworks, you can't delete the compliance assessment type. However, you can disable it to prevent it from being associated with future compliance assessments.
For more information, see Disable a compliance assessment type
If the compliance assessment type is unassociated with any current projects or frameworks, you can delete it.
For more information, see Delete a compliance assessment type