Audit Management

Audit Instances

Execute specific audits within cycles, assign teams, and test controls

What are Audit Instances?

An Audit Instance is a specific audit execution within an audit cycle. It represents the actual audit work being performed, including team assignments, control selection, test execution, evidence collection, and findings documentation.

Specific Execution

Each instance represents a concrete audit being performed (e.g., "Q1 2026 IT Access Controls Audit").

Team-Based

Instances have assigned teams including lead auditor and audit team members.

Instance Structure

Understanding Instance Hierarchy
How instances fit into the audit module structure
Audit Program (3-Year ISO 27001 Program)
└── Audit Cycle (Q1 2026 Internal Audit)
    └── Audit Instance (IT Access Controls Audit)
        ├── Control Tests (Test Individual Controls)
        │   ├── Assignments (User Assignments)
        │   ├── Evidence (Supporting Documents)
        │   └── Findings (Issues Discovered)
        ├── Team Members (Assigned Users)
        └── Audit Report (Final Deliverable)

Instances are where the actual audit work happens. They contain control tests, team assignments, evidence collection, findings, and generate final reports.

Creating an Audit Instance

Step-by-Step Guide
Create a new audit instance within an audit cycle
1. Navigate to Audit Cycle

Go to Audit Management → Programs → Select a program → Select a cycle → Click "Create Instance".

2. Fill in Instance Details

Enter the following information:

  • Name: Descriptive name (e.g., "IT Access Controls Audit")
  • Description: What this audit will cover
  • Scope: Areas being audited
  • Objectives: What you're trying to achieve
  • Methodology: How the audit will be conducted

3. Set Timeline

Set Planned Start Date and Planned End Date for the audit instance. These dates help with scheduling and tracking.

4. Assign Lead Auditor

Select a Lead Auditor who will be responsible for overseeing this audit instance.

5. Add Audit Team

Add team members who will participate in the audit. These users can be assigned to control tests.

6. Save Instance

Review all information and click "Save" to create the audit instance.

Instance Fields Explained

Basic Information

Name

Descriptive name that identifies the audit (e.g., "IT Access Controls Audit").

Description

Detailed description of what this audit will cover and its purpose.

Scope

The areas, systems, or processes being audited (e.g., "IT Department - Access Management").

Objectives

List of specific objectives for this audit (e.g., "Verify access control policies are implemented").

Timeline

Planned Start Date

When the audit is scheduled to begin.

Planned End Date

When the audit is scheduled to be completed.

Actual Start Date

When the audit actually started (updated automatically when work begins).

Actual End Date

When the audit was actually completed (updated when instance is closed).

Status

Instance status options:

  • Planning: Instance is being planned
  • Fieldwork: Audit work is in progress
  • Review: Audit results are being reviewed
  • Reporting: Reports are being generated
  • Completed: Audit is finished

Team Assignment

Lead Auditor

Primary person responsible for the audit instance. Required field.

Audit Team

List of team members who will participate in the audit. These users can be assigned to control tests.

Instance Management Tabs

Understanding Instance Interface
Each audit instance has multiple tabs for managing different aspects

Controls Tab

View and manage controls selected for testing in this instance. Add or remove controls from the framework.

Control Tests Tab

View all control tests created for this instance. See test status, results, and assignments.

Findings Tab

Document and track issues discovered during control testing. Link findings to specific control tests.

Evidence Tab

Upload and manage evidence files for control tests. Verify evidence and link to specific tests.

Team Tab

Manage team members, view workload, configure workflows, and create assignment templates.

Activity Tab

View audit activity timeline showing all actions, assignments, and status changes in the instance.

Instance Lifecycle

From Planning to Completion
1. Planning

Create instance, assign team, select controls to test, and configure workflows/templates.

2. Fieldwork

Execute control tests, collect evidence, document findings. Team members work on assignments.

3. Review

Review test results, findings, and evidence. Approve or request changes to work.

4. Reporting

Generate audit reports (Executive Summary, Detailed Report, Compliance Report).

5. Completed

All tests completed, reports generated, findings documented. Instance is closed.

Example Instance

IT Access Controls Audit
A typical audit instance structure

Instance Details

Name: IT Access Controls Audit

Scope: IT Department - Access Management

Status: Fieldwork

Planned Dates: January 15 - February 15, 2026

Lead Auditor: John Smith

Controls Selected

• A.9.1.1 - Access control policy

• A.9.2.1 - User registration and de-registration

• A.9.2.3 - Management of privileged access rights

Team Members

• John Smith (Lead Auditor)

• Sarah Johnson (Auditor)

• Mike Davis (Auditor)

Best Practices

Clear Scope Definition

Define a clear, focused scope for each instance. Don't try to audit everything at once.

Assign Appropriate Team

Select team members with relevant expertise for the controls being tested.

Set Realistic Timelines

Plan sufficient time for testing, evidence collection, review, and reporting.

Configure Workflows Early

Set up workflows and templates before creating assignments to automate the process.

Next Steps

Control Tests

Learn how to create and manage control tests within instances

Team Management

Learn about workload, workflows, and templates for team management
