As part of the changes we are planning with triggers (Feature - Triggers for Automated Testing of Internal Controls / Audits) we will be doing some updates on the “Audit” and “Maintenance” modules:
Internal Control / Audit Tab changes
- the UI/UX for audits must support the concept of triggers
- If the user selects triggers, eramba won’t create audit records, is expected that the trigger code does that
- If a control is created, the save action will create audit records for the CURRENT calendar year, it will not create audits for the next calendar year as we do now (the reason we did that is because notifications such as -60 days would not work). What we will do is let the cron create audit records as needed, say 60 days ahead of time. It will also not create audits with PAST dates anymore (today we do it)
- If a control is edited and the user changes settings on any of these fields: “methodology, success criteria, audit owner, evidence owner” , you then update all incomplete audit records with future planned dates with that data. If the user also changes the dates of audits, you create whatever new dates they selected (remember, we now only create audit records for future dates on the currrent calendar year alone)
Audit records CRUD changes:
- When editing an audit record, we need to hide the following fields: “Audit Owner”, “Audit Evidence Owner”, “Planned Start”, “Audit Methodology”, “Audit Success Criteria”
- When editing an audit record, we need to disable the following fields: “Audit Methodology”, “Audit Success Criteria”
- Once an audit record is edited and saved, it can no longer be edited (the same as reviews), if a new audit is needed an ad-hoc record must be created.
Internal Control / Maintenances Tab changes
- for new installs, we will hide the fields on Maintenance tab by default so the tab does not even show up
- those that have already eramba installed and have not configured maintenances (on any control), they also get the fields hidden
- those that have eramba and use maintenances, we need to follow the same logic as audits.
NOTE:
- this might apply as well to Goals, Business Continuity plans
- this might make changes on the API , if that is the case we need to let users know when we do the release