Workflows and compliance assessment types

Workflows define the components available in a compliance assessment or framework and compliance assessment types define the structure of a compliance assessment or framework, including the terminology used in the compliance assessment or framework.

What are workflows?

Workflows define the components available in a compliance assessment or framework. When choosing a workflow, you should consider:

  • the type of compliance assessment or framework you want to create
  • whether the compliance assessment or framework is simple or complex

There are two workflows available in the Compliance Workspace app:

Workflow Description Detailed Information

Workplan

 

Appropriate for straight-forward compliance assessments and frameworks, which consist of a set of steps or procedures that the assurance team will execute, and the documentation of the outcome of each step Workplan workflow
Internal Control Appropriate for more complex types of compliance assessments and frameworks, where narratives are defined, walkthroughs are performed to verify control design, and tests are performed to verify the operating effectiveness of controls Internal Control workflow

What are compliance assessment types?

Compliance assessment types define the structure of a compliance assessment or framework, including the terminology used in the compliance assessment or framework. The default terms used in the Compliance Workspace app are dependent upon the compliance assessment type that you select.

You can customize the terminology used in compliance assessment types, modify the existing compliance assessment types available in the Compliance Workspace app, or create new compliance assessment types.

For more information, see Customizing terms, fields, and notifications.

Default compliance assessment types

The default compliance assessment types are categorized by the workflows available in the Compliance Workspace app:

Workflow Compliance assessment type Description
Workplan Compliance Investigation / Examination Audits of regulatory or legal compliance
Internal Audit (Operational) Internal audits where risks are tested by identifying and executing audit procedures
Other Project / Audit All other types of audits
Revenue Assurance Audit Review of licensing / royalty compliance
Training A compliance assessment type used for training purposes
Internal Control Business Process Review Review of operational or business processes
Internal Audit (Financial & Internal Control) Internal audits where risks are addressed by identifying and testing controls
Operational Risk Assessment Assess your organization's objectives, related process-level risks and controls
Pandemic Risk & Response Management Manage and execute your organization's pandemic response plan
Sarbanes-Oxley Review Review of internal controls for SOX compliance
SOC/SSAE 16/ISAE 3402 Audit Service auditor's examinations of internal controls

Updating compliance assessment types

If you update terms and configure fields within a compliance assessment type, the changes are applied to all active compliance assessments, archived compliance assessments, temporarily deleted compliance assessments, and frameworks associated with the compliance assessment type.

For more information, see Why data in your compliance assessment or framework has changed.

Changing compliance assessment types

You can only change the compliance assessment type of a compliance assessment or framework to a compliance assessment type that belongs to the same workflow (Internal Control or Workplan).

Caution

Changing the compliance assessment type permanently removes data associated with the following items:

  • assessment drivers
  • custom risk scoring factors
  • custom date fields
  • custom attributes

Once removed, you are not able to restore any of these items.

Disabling or deleting compliance assessment types

If you don't want to use a compliance assessment type anymore, you can disable or delete it.

  • If the compliance assessment type is associated with active, archived, or temporarily compliance assessments, or frameworks, you can't delete the compliance assessment type. However, you can disable it to prevent it from being associated with future compliance assessments.

    For more information, see Disable a compliance assessment type

  • If the compliance assessment type is unassociated with any current projects or frameworks, you can delete it.

    For more information, see Delete a compliance assessment type