External audits: Send audits to multiple legal entities at once - Privacy, August 2024 📧
Enhance your audit process with Privacy by sending custom audits directly to your legal entities, including vendors, customers, collaboration partners etc. This new feature is an extension of our Vendor Management and Custom Audits Module. Easily create an audit group and distribute to multiple legal entities at once. Track progress, receive status updates and get a comprehensive management report upon completion. Use this feature for vendor screening, vendor assessments, data privacy and protection assessments and much more.
Create an audit group
An audit group consists of the same audit that is send to multiple of your legal entities at once. For instance, you can use the feature if you want to ensure proper data processing and supervision of your data processors by sending an audit for completion. Before creating an audit group, you must create the template you want your legal entities to answer. For detailed instructions on creating assessments/audits, please see our earlier blog post here: Vendor Management and Audits. Once you've completed your template, don't forget to activate it.
Now you're ready to create an audit group. Go to the menu item "Audits & Assessments" and select "External audits". Click "Create audit group". Name your audit group and add a description (optional). Select which audit you want to send. In the dropdown menu you can choose between all active external audit templates. You must also select the individual who will be responsible for the audit group. The chosen person’s name and email will be included in the email sent to the designated contacts. Afterwards, select the deadline for answering the audit. The contact will still be able to submit the audit after the deadline, so it is only for formalisation. The deadline will be stated in the email sent to the designated contacts.
Click "Next" at the bottom of the dialogue and select whether the audit should be sent on behalf of the entire group or a single group company. The name of the entire group or the selected group company will appear as the sender in the email sent to the respondent. If it’s chosen that the audit should be sent from the entire group, all users will have access to it in the audit overview. If, on the other hand, a group company is selected as the sender, only users who have permission to the chosen group company, will have access to the audit in the overview. If a user only has access to one group company this step will not be shown, and the audit will be sent from that particular group company.
Once done click "Create draft".
Audit group: Draft
Now you are ready to choose the legal entities to which you want to send your audit. Use the filters to find the legal entities, and select the checkboxes next to the desired ones.
After selecting the legal entities, you can choose the specific contact to receive the audit. The contacts you can choose between in the dropdown menu are the ones you have created under the tab "Contacts" at the legal entity page. The role of the contact is stated in parentheses after the name and you can view their email address by hovering over their name. You also have the option to create a new contact directly from the dropdown menu by clicking "Create new."
Lastly, you can specify whether the audit should be answered in relation to one or more specific assets. You do not need to select any assets in order to send the audits.
Once you have selected the legal entities, click "Send audits." A summary will be displayed before the audits are sent.
Overview of audit groups
Once the audits are sent, the audit group will be displayed in the external audits overview. This overview provides a concise status summary, showing the number of legal entities the audit was sent to, how many have opened it, how many have submitted it, and how many have been excluded from responding. Additionally, a progress bar indicates how close you are to having the entire audit group complete the audit.
Please note, that audits issued from the individual legal entity do not appear in the list below. If you want to add an audit, sent directly from a legal entity, to the list, you can do this from the audit tab on the legal entity. From the menu (the three green dots) on the audit, select “Add to audit group”. However, audits initiated via “External audits” will automatically appear in the audit list on the individual legal entity.
Audit group: In progress and completed
When send out, the audit group changes status to "In progress". The list enables you to keep track with the audits and how far the contacts are with answering the audit. See the status, risk level, score, audit report and when a reminder last was sent. You can also write a note to each audit you have sent. For instance you can write if you have made a certain agreement with one of the legal entities in the audit group.
From the overflow menu you can also close an audit if for some reason an audit does not need to be answered anyway. You can also change the contact of an audit if the audit was sent to the wrong contact. The information email will automatically be sent to the new contact.
Reminders will be sent automatically after 7 days, 14 days, 21 days and so on until the audit has been submitted (or closed). You can also sent a reminder manually from the overflow menu.
When all audits have been submitted, or closed, the audit group will change status to "Completed". If your audit had a score enabled, then you can now see an overall risk level and score for the whole audit group. You can also see the risk level and score for each individual audit completion. Furthermore, you can view and download the management report.
Add legal entity to audit group
If an audit group has the status "In progress" or "Completed", you can still add a legal entity to the group. To do this, click the edit symbol in the upper right corner and select "Add legal entity". Choose the legal entity or entities you want to add to the audit group and click "Send". The new entities will now appear in the list.
Please note, if you add a legal entity to an audit group that has already been completed, the audit group's status will revert to "In progress."
Management report
The purpose of the management report is to provide a comprehensive overview of your respondents' risk level. The respondents have answered several questions, that underlies the automatically calculated risk levels and scores - if score has been enabled to the template. Moreover, the report creates an overview of the individual respondent's answers on an overall risk and section level.
The management report consists of the following:
- Summary
- Figure 1: The allocation of the overall risk levels
- Figure 2: The average score for each sections (Visible only if the audit is divided into sections)
- Overview of individual respondents:
- Completed
- In progress
- Excluded
The management report can be viewed in the browser or downloaded as a PDF.
We hope you will enjoy the new features 🎉