Audit observations

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Audit observations

    Audit observations capture the results of an audit, including reviews, analysis, interviews, and discussions. They highlight significant issues for audit managers and are essential components of audit reports. These observations are based on evidence gathered during audits, such as control testing and walkthroughs, to evaluate performance against audit criteria.

    Show full answer Show less

    Audit users create observations within engagements or audit tasks, provided the engagement is not in the Follow Up or Closed state. After audits conclude, observations help auditors summarize problems, findings, and recommendations to the audit team for further evaluation.

    Audit Observation Lifecycle and Workflow

    Audit observations progress through several states: Draft, Review, Respond, Finalize, and Closed. The workflow involves collaboration among various roles:

    • Audit user (snaudit.user role): Creates the observation and assigns respondents (entity and control owners) and peer reviewers (auditors and audit leads).
    • Peer reviewers: Receive notifications to perform peer reviews, accessible under Audit > Observations > My Pending Peer Reviews. Peer reviews keep the observation in Draft state but update the substate to Peer review requested.
    • Reviewers (audit managers or audit leads): Receive notifications to review observations via Audit > Observations > My Pending Reviews. They can request revisions, request responses from respondents, or provide feedback in the Results section.
    • Respondents: Address review requests and respond to observations via Audit > Observations > My Pending Response.

    After responses, the observation moves to the Finalize state, then is closed, which triggers the creation of an issue.

    Practical Benefits for ServiceNow Customers

    • Enables systematic tracking and management of audit findings within ServiceNow.
    • Facilitates collaboration among auditors, managers, respondents, and reviewers through role-based notifications and task assignments.
    • Supports structured review and response processes to ensure audit observations are validated and addressed appropriately.
    • Provides traceability by linking observations to resulting issues, enhancing follow-up and remediation.

    Audit observations are the results of an audit. As an important part of the audit report, audit observations represent the results of reviews, analysis, interviews, and discussions.

    Audit observations are used to bring significant issues to the attention of audit managers. Observations are logged in the system. For example, if a bank's operations are being audited, then the audit observations are based on evidence about how the bank's operations perform against the audit criteria. During control testing, interviews, and walkthroughs, audit observations are recorded. An audit user can create an observation from an engagement if the engagement is not in the Follow Up or Closed states. An observation can also be created from all types of audit tasks.

    After the auditor completes the audit, the auditor then presents the audit observations to the audit managers. By using the audit observations, the auditor can present a summary of problems, discoveries, and recommendations. The audit team reviews the observations to determine if the observation is a reportable issue. The audit team can also determine if the observation can be tracked as a recommendation, an observation, or a best practice.

    In its life cycle, an audit observation moves through the following states:
    1. Draft
    2. Review
    3. Respond
    4. Finalize
    5. Closed
    The workflow of an observation is as follows:
    1. An audit user with the role sn_audit.user creates an observation.
    2. The observation creator assigns respondents and peer reviewers to the observation. The respondents are the entity owners and control owners. The peer reviewers are the auditors and audit leads of the engagement.
    3. The observation creator can request a peer review of the observation. In that case, the following then happens.
      1. The peer reviewer gets a notification to perform the peer review. The peer reviewer can view the task under Audit > Observations > My Pending Peer Reviews.
      2. The peer reviewer completes the review.
      Note:
      When a peer review is requested, the state remains as Draft but the substate changes to the Peer review requested substate.
    4. The observation creator can also request a review. The reviewer can be an audit manager or the audit lead.
      1. The reviewer gets a notification to perform the review. The reviewer can view the task under Audit > Observations > My Pending Reviews.
      2. The reviewer can either request a revision of the observation or request a response from the respondent. The reviewer can also provide feedback in the Results section by selecting the appropriate option.
    5. If the reviewer requested a response from the respondent, then the respondent responds to the observation by navigating to Audit > Observations > My Pending Response.
    6. The observation moves to the Finalize state.
    7. The observation is closed and an issue is created.
    Figure 1. Audit observations workflow
    The lifecycle of audit observation