Not logged in - Login
< back

Audit and Action Management Set Up

AAM Setup The pages listed below contain information on setting up the audit module. The 'AAM Setup' page within Abriska can be reached by selecting ‘Audit & Action Management’ then selecting 'AAM Setup' from the sidebar on the organisation home. Default Audit Duration Purpose: To define the default length of time that an audit will take. Before developing an audit programme the following tables need to be considered and may be setup by selecting •       Clauses •       Cost types •       Status •       Audit Types •       Finding Types Clauses Purpose: To define and reference any compliance requirements which will need to be selected when defining the scope of an audit. These requirements may include clauses from a management system standard or others defined in legal, regulatory, contractual requirement. Each requirement may be independent or grouped together under a parent summary. If this module is implement with the 27001 module the controls listed in the Control Maturity Facility will also be available for selection and need not be repeated here. Select the ‘Create a New Clause’ to create each compliance requirement Each clause requirement a unique reference – it is recommended that the reference stated in the source materials is used. Ie the legislation, regulations, standard or contractual reference. Clauses may be nested or grouped together under a parent clause or heading. With the definition of a sort code the clauses may be displayed or reported in any particular order. When undertaking an audit or managing an action it possible to give an indication of the maturity of the clause, based on a predefined maturity level – See Control Maturity Assessment>CMA Set UP> Maturity Models Audit Types Create New Audit Type Purpose: When planning an audit programme consideration needs to be given the different types of audits that might take place. These audits may require different activities to be controlled. For example 3rd Party audit undertaken by a regulatory requirements, will be planned and produced by that party. The audit programme, may only need to plan for the visit (and availability of teams to provide evidence) and respond to the findings. Audit types may be nested or grouped together under a parent audit type. To recognise that not all audit types, require all the audit activities (Statuses) to take place. This facilities provides the ability to state which activity (status needs) to be managed. Cost Type Purpose: Correcting nonconformities can incur financial or manpower costs. Different cost types may be set up for different currencies or manpower groups. The format of the numerical cost value may be presented as an Integer, Currency or Percentage. Symbols may also be set up to reflect the cost type in short form. Examples that may be considered: •       Financial costs may reflect different currencies such as the GB Pound or the US Dollar. •       Manpower may be considered in terms of Man hours or days. It may also be represent as a percentage of effort. Eg 10% of a day. Statuses – Needs to be set up ahead of Audit Types and Finding Types Create New Status Basic Information Tab Cost Types Tab Involvement Tab Auditors or Finding Owners are set up for each audit. It is possible to define whether roles need to be notified when the status is complete. By default all roles or people associated with the audit are able to access and update the details of the status. However it is possible to ‘lock’ down these update to individual roles. Finding Type Purpose: A number of different types of findings may be identified during an audit or document review. The finding types may be set up to indicate the different responses subsequently required – Major and Minor Non Conformities may be set up to indicate the significance of the finding. The subsequent actions taken as a result of finding may differ across the different finding types. For example a ‘non conformity’ may require root cause analysis to be completed, whilst another finding ‘recommendation’, may simply need to record the action taken. A new finding type would need to be set up for each different process that must be followed. Each finding type would need to select the relevant starting status. Note: Each status would need to be set up prior to Finding Types.