
Audit execution

From HITGuard User Guide
Revision as of 19 June 2023, 07:45 by Isan

Under "Audit management → Audit execution" you will find all reviews, review objects, gaps, and items needing clarification in the current management system.

Reviews

Under "Audit management → Audit execution → Reviews | Objects of review | Gaps | Clarification needed" you will find all the reviews of the management systems. This includes reviews that are linked to an audit as well as those that are not. A review is displayed regardless of its state.

It is also possible to create new reviews for audits here (gap analyses, review results, and protection needs analyses).

Double-clicking on a review will take you to it.

Audit execution > Reviews


More on creating and editing reviews can be found here (gap analyses and review results) as well as here (protection needs analyses).

Objects of review

Under "Audit management → Audit execution → Reviews | Objects of review | Gaps | Clarification needed", you will find all the review objects that were created in the course of reviews in the current management system.

Audit execution > Objects of review


Double-clicking on a review object opens the detailed view. Here, you can see how the review object was answered. If several versions of the review object are available, you can also see how its assessment has developed from one version to the next. Only the header data of a review object can be edited via this mask; the mask cannot be used to answer a review object.

Furthermore, the semi-automatic revaluation of review objects can be initiated on this page. Find more on this here.

Gaps

Under "Audit management → Audit execution → Reviews | Objects of review | Gaps | Clarification needed", you will find all gaps that were identified during the performance of reviews.

Audit execution > Gaps


The optional columns "Measure missing", "Target value missing", "Target value too low" can be used to find out against which gaps nothing or too little has been done. These gaps are tagged in the overview. If a gap does not have a tag, this means that attempts are being made to correct the gap.

You also have the option here to assign gaps to a risk.

Double-clicking on a gap opens the review at the point where the gap was detected. Here, measures and controls for the gap can now be defined. For more information, see Answer review questions.

Optionally, a column can be displayed that shows whether the line is a review question (from a knowledge base) or a review result (freely entered). This allows experts to extend their self-developed knowledge bases with review results that are often added to reviews during the interview.

Filter gaps

Gap filter

The filter selects which type of gap is displayed:

  • negative: review questions/results that were evaluated < the target score
  • none: review questions/results that were evaluated = the target score
  • positive: review questions/results that were evaluated > the target score

Target score weighting

What the target score level is and where it is set can be found under Management systems. Wherever gaps occur, there is an additional form of sorting: the target score weighting. This is possible, for example, under "Risk management → Vulnerabilities → Gaps".

If activated, the sorting of protection targets is based on the target score weighting. The greater the deviation from the target score level and the greater the weighting of the protection target, the greater the target score weighting: target score weighting = deviation level * weighting of the protection target.

Note: A response of "No" corresponds to score level 1, "Partially" corresponds to score level 3.

Examples for illustration: Protection goal weighting: Mean (3).

  • score of deviation = 2, target score = 4 => degree of deviation = 2, target score weighting = 2 * 3 = 6.
  • score of deviation = 4, target score = 4 => degree of deviation = 0, target score weighting = 0 * 3 = 0.

Apply target score weighting
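
The gap filter categories and the target score weighting described above can be reproduced outside the tool, for example to re-check a prioritised gap list. The following Python sketch is an added example, not HITGuard code: the `Finding` record, the function names and the sample rows are hypothetical, and it assumes that scores above the target count as deviation 0 and that the highest weighting is listed first.

```python
from dataclasses import dataclass
from typing import Union

# Mapping stated in the page's note; any other answer must be given as a number.
ANSWER_SCORE = {"No": 1, "Partially": 3}


@dataclass
class Finding:
    name: str                # constructed label
    answer: Union[str, int]  # "No", "Partially", or a numeric score level
    target: int              # target score level of the management system
    weight: int              # weighting of the protection target


def score_of(f: Finding) -> int:
    return ANSWER_SCORE[f.answer] if isinstance(f.answer, str) else f.answer


def gap_type(f: Finding) -> str:
    """Filter category: negative (< target), none (= target), positive (> target)."""
    score = score_of(f)
    if score < f.target:
        return "negative"
    return "none" if score == f.target else "positive"


def target_score_weighting(f: Finding) -> int:
    # deviation level * weighting of the protection target.
    # Assumption: a score above the target counts as deviation 0.
    return max(f.target - score_of(f), 0) * f.weight


def rank_negative_gaps(findings):
    """Negative gaps only, highest target score weighting first (assumed order)."""
    gaps = [f for f in findings if gap_type(f) == "negative"]
    ranked = sorted(gaps, key=target_score_weighting, reverse=True)
    return [(f.name, target_score_weighting(f)) for f in ranked]


# Constructed sample data; the first two rows mirror the page's own examples.
SAMPLE = [
    Finding("backup-test", 2, 4, 3),
    Finding("patch-policy", 4, 4, 3),
    Finding("mfa-admins", "No", 4, 3),
    Finding("log-review", "Partially", 4, 5),
    Finding("key-rotation", 5, 4, 3),
]

if __name__ == "__main__":
    for name, weighting in rank_negative_gaps(SAMPLE):
        print(f"{weighting:>3}  {name}")
```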


Clarification needed

Under "Audit management → Audit execution → Reviews | Objects of review | Gaps | Clarification needed", you will find all review questions/review results that were marked with "Clarification needed" in the course of a review.

Audit execution > Clarification needed


This label is needed in practice when, while answering a review question, you cannot yet determine how it should be answered. This can happen if, for example, you need to consult another person or otherwise research the information. Following a series of reviews, the system evaluates which questions still need to be researched. This is exactly what the "Clarification needed" view is for.

If you double-click on a review question/result, you will be redirected to it.

It is also possible to export a list of all review questions/results requiring clarification via the "Export" button (next to the search bar). This provides an easy-to-use list of the review questions that require clarification.