End-to-End Example
Complete walkthrough from framework setup to final report generation
Organization
Acme Corporation
Objective
Conduct Q1 2026 ISO 27001 Internal Audit
Focus
IT Access Controls
Complete Workflow Phases
Phase 1: Setup and Configuration
License Audit Framework
Navigate to Audit Management → Frameworks → Browse marketplace → Select "ISO 27001 Information Security Management" → Click "License Framework".
Create Audit Program
Create program: "2026 ISO 27001 Compliance Program" → Select framework → Set dates (Jan 1 - Dec 31, 2026) → Assign Lead Auditor: John Smith.
Create Audit Cycle
Within program → Create cycle: "Q1 2026 Internal Audit" → Set dates (Jan 1 - Mar 31, 2026).
Create Audit Instance
Within cycle → Create instance: "IT Access Controls Audit" → Set scope, objectives, dates → Assign team: Sarah Johnson, Mike Davis.
Configure Workflows and Templates
Create "IT Control Template" (EXECUTOR, MEDIUM priority, 14 days) → Create "Standard Control Test Workflow" (3 steps: Executor → Reviewer → Approver) → Set both as default.
Configure Workload
Review workload dashboard → Verify team members have appropriate capacity → Adjust limits if needed (all settings look good).
Phase 2: Control Testing
Select Controls to Test
Instance → Controls tab → "Add Controls" → Select: A.9.1.1, A.9.2.1, A.9.2.3 → Control tests automatically created.
Configure Control Test
Click on "A.9.1.1 - Access control policy" → Fill test objective, procedure, risk level (HIGH) → Set planned dates (Jan 20 - Feb 5, 2026).
Create Initial Assignment
Control Test → Users Assigned tab → "Assign User" → Select Sarah Johnson (EXECUTOR) → Template applies defaults (MEDIUM priority, 14 days) → Workflow triggers → Auto-assigns REVIEWER and APPROVER.
Executor Performs Test
Sarah logs in → Sees assignment → Reviews test procedure → Performs test → Documents findings → Uploads evidence (policy PDF, screenshots, interview notes) → Marks as "Submitted for Review" → Workflow Step 2 triggers → Reviewer assignment created.
Reviewer Reviews Work
Mike Davis (auto-assigned as reviewer) → Reviews evidence → Completes review checklist → Adds review notes → Marks as "Approved" → Workflow Step 3 triggers → Approver assignment created.
Approver Approves Test
John Smith (Lead Auditor) → Reviews work → Completes approval checklist → Sets result: "Pass" → Marks test as "Completed" → All workflow steps complete → Workload updated.
Phase 3: Findings and Remediation
Document Finding
During testing of A.9.2.3, issue discovered → Control Test → Findings tab → "Create Finding" → Title: "Privileged Access Review Not Performed Quarterly" → Severity: MEDIUM → Status: OPEN.
Create Remediation Action
Finding → Remediation tab → "Create Remediation Action" → Title: "Implement Quarterly Privileged Access Reviews" → Assign to: IT Security Team → Due Date: March 31, 2026 → Status: IN_PROGRESS.
Phase 4: Reporting
Generate Audit Report
Instance → Reports tab → "Generate Report" → Select type: "Executive Summary" → Title: "Q1 2026 IT Access Controls Audit - Executive Summary" → System collects all data → Generates formatted report.
Review and Approve Report
Review generated report → Verify accuracy → Add notes if needed → Click "Approve Report" → Report status: APPROVED → Ready for distribution.
Component Interactions
Framework → Program → Cycle → Instance
The hierarchical structure organized the audit from framework selection down to execution of a specific instance.
Template + Workflow
The template provided defaults; the workflow managed the sequential assignment steps automatically.
Workflow + Workload
The workflow used workload data to select the best available users for auto-assignment.
Assignment + Control Test
Assignments linked users to tests, enabling execution, review, and approval workflow.
Control Test + Finding
Findings linked to specific tests, enabling issue tracking and remediation.
Finding + Remediation
Remediation actions tracked fixes for findings, ensuring issues are resolved.
Final Metrics and Outcomes
Control Tests
- Total: 3
- Completed: 3
- Passed: 2
- Failed: 1 (with finding)
Assignments
- Total Created: 9
- Completed: 9
- Average Completion Time: 12 days
Findings
- Total: 1
- Open: 1
- Remediation Actions: 1
Workload
- Sarah: 4 → 3 assignments
- Mike: 7 → 6 assignments
- John: 5 → 4 assignments
Key Takeaways
Workflows Automate Process
Reduced manual assignment work by automatically creating reviewer and approver assignments.
Templates Ensure Consistency
All assignments followed the same pattern with consistent roles, priorities, and due dates.
Workload Balanced Work
No user was overloaded. The system automatically selected users with available capacity.
Integration Works Seamlessly
All components worked together: workflows used workload data, and templates provided defaults.