Audit entry
The audit entry field marks a record as third-line, restricting its visibility to users who hold the third-line manager role. Third-line records are excluded from the views and calculations that second-line users rely on.
Audit entry is a field added to six GRC objects that enables third-line managers to distinguish audit-only records that other GRC users work with daily. Selecting the audit entry check box marks the record as third-line and hides it from second-line users.
Objects where the audit entry field appears
The audit entry field is available on the following objects.
| Object | Source application |
|---|---|
| Control | Policy and Compliance Management |
| Control objective | Policy and Compliance Management |
| Entity | GRC Core |
| Engagement | Audit Management |
| Risk | Risk Management |
| Risk statement | Risk Management |
The state of the audit entry check box determines whether a record is treated as third-line or second-line.
- When audit entry is selected, the record is a third-line record. Only users with the sn_audit_ws.third_line_manager role can view or modify the record from the Audit Workspace.
- When audit entry is cleared, the record is a second-line record. The record behaves the same as records created before this feature was introduced, and is visible to second-line users with the corresponding compliance or risk role.
After a record is saved, the audit entry field is locked and can't be changed.
Impact on risk score roll-up
Third-line entities, third-line risk statements, and third-line risks are excluded from the risk score roll-up calculation. This exclusion helps avoid third-line records from changing the assessment scores that second-line users see on second-line risks.
Impact on compliance score roll-up
Third-line control objectives and third-line controls are excluded from the compliance score roll-up calculation. This exclusion helps avoid third-line records from changing the compliance scores that second-line users see on second-line controls.