Workflows and project types

Workflows define the components available in a project or framework and project types define the structure of a project or framework, including the terminology used in the project or framework.

What are workflows?

Workflows define the components available in a project or framework. When choosing a workflow, you should consider:

  • the type of project or framework you want to create
  • whether the project or framework is simple or complex

There are two workflows available in the Projects app:

Workflow Description Detailed Information



Appropriate for straight-forward projects and frameworks, which consist of a set of steps or procedures that the assurance team will execute, and the documentation of the outcome of each step Workplan workflow
Internal Control Appropriate for more complex types of projects and frameworks, where narratives are defined, walkthroughs are performed to verify control design, and tests are performed to verify the operating effectiveness of controls Internal Control workflow

What are project types?

Project types define the structure of a project or framework, including the terminology used in the project or framework. The default terms used in the Projects app are dependent upon the project type that you select.

Project Admins and Project Type Admins can customize the terminology used in project types, modify the existing project types available in the Projects app, or create new project types.

For more information, see Customizing terms, fields, and notifications.

Default project types

The default project types are categorized by the workflows available in the Projects app:

Workflow Project type Description
Workplan Compliance Investigation / Examination Audits of regulatory or legal compliance
Internal Audit (Operational) Internal audits where risks are tested by identifying and executing audit procedures
Other Project / Audit All other types of audits
Revenue Assurance Audit Review of licensing / royalty compliance
Training A project type used for training purposes
Internal Control Business Process Review Review of operational or business processes
Internal Audit (Financial & Internal Control) Internal audits where risks are addressed by identifying and testing controls
Operational Risk Assessment Assess your organization's objectives, related process-level risks and controls
Pandemic Risk & Response Management Manage and execute your organization's pandemic response plan
Sarbanes-Oxley Review Review of internal controls for SOX compliance
SOC/SSAE 16/ISAE 3402 Audit Service auditor's examinations of internal controls

Updating project types

If you update terms and configure fields within a project type, the changes are applied to all active projects, archived projects, temporarily deleted projects, and frameworks associated with the project type.

For more information, see Why data in your project or framework has changed.

Changing project types

You can only change the project type of a project or framework to a project type that belongs to the same workflow (Internal Control or Workplan).


Changing the project type permanently removes data associated with the following items:

  • assessment drivers
  • custom risk scoring factors
  • custom date fields
  • custom attributes

Once removed, you are not able to restore any of these items.

Disabling or deleting project types

If you don't want to use a project type anymore, you can disable or delete it.

  • If the project type is associated with active, archived, or temporarily deleted projects, or frameworks, you can't delete the project type. However, you can disable it to prevent it from being associated with future projects.

    For more information, see Disable a project type

  • If the project type is unassociated with any current projects or frameworks, you can delete it.

    For more information, see Delete a project type