Planning a risk and control plan audit
Prerequisites
- Access to the Management > Audit > Planning (AU009) menu.
- Team previously created in the Configuration > Team (AU018) menu.
- Previously created audit category.
Introduction
With the initial configurations finished, it is possible to plan a risk and control plan audit in the system.
To illustrate, a 1st party audit will be created for the "Financial risk plan" plan.
See how to create a risk and control plan audit in the system:
Planning a risk and control plan audit
See additional information about the adjustments to be made during the planning of an audit:
Defining the parties responsible for approval
If the Requires approval option has been checked in the audit category for the audit steps, the Approval section will be displayed on the audit data screen.
During the planning step, it will be necessary to access the tab in which the parties responsible for the approval are selected.
1. On the Audit data screen, click on the arrow below the Approval section and select the step in which you wish to configure the approval.
2. In the Responsibility route field, select the route responsible for the approval. If the Fixed & unique route type has been configured in the category, this field will be filled in automatically and cannot be edited.
3. Define the approval type:
- Incremental: the step can be approved/rejected by any responsible user in the route.
- Circular: the step will have to go through all the responsible users in the route, and only the last member in the sequence can approve/reject.
4. Check the Wait for all members approval option so that the step approval is released only after all route members execute their tasks.

If the Variable route type has been configured in the audit category, the following buttons will be available on the side toolbar:
![]() |
Click on this button to add a new member to the responsibility route. It is important to highlight that, if the member is being added to a route associated with the audit category, this addition will only be valid for the step approval; it will not be replicated to the route record created through the Configuration > Approval > Responsibility route (AU020) menu. |
![]() |
Click on this button to edit the data of a responsibility route member. |
![]() |
Click on this button to delete a responsibility route member. |
See more details on configuring a responsibility route and adding its members by clicking here.
Defining an auditor
In the Auditor section, it is possible to select who will be the parties responsible for the audit.

Select one of the available options:
Internal auditor | The field will be displayed as the name of the organization that will be audited, and the audit will be conducted by people from the company itself. Use the buttons located next to the list of records in this section to select the desired auditors. |
Audit business unit | The audit will be performed by people from a particular business unit of the company. Select the business unit first and then use the buttons located next to the list of records to select the desired auditors. Remember that the system will only list the auditors from the selected business unit. |
Audit organization | The audit will be performed by external auditors, that is, the auditors from an audit organization. Select the organization first and then use the buttons located next to the list of records to select the desired auditors. Remember that the system will only list the auditors from the selected organization. |
• For 2nd party - Customer and 3rd party audits, only the Audit organization option will be available.
• The business units available for selection have been previously created in SoftExpert Administration. If a new unit needs to be added, click on the button.
Refer to the documentation of the Administration component for more details on how to create it.
• See more details on creating audit organizations by clicking here.
Regardless of the chosen responsible party type, once the auditors responsible for the execution are associated, some buttons will be enabled on the side toolbar:
![]() |
Click on this button to disassociate the auditor selected in the list of records. |
![]() |
Click on this button to define the auditor selected in the list of records as lead auditor. |
![]() |
Click on this button to inform that the auditor selected in the list of records is an auditor in training. |
![]() |
Click on this button to describe the auditor's responsibilities. It is important to highlight that, once the responsibility is saved, it can no longer be edited. |
![]() |
Click on this button to view the data of the auditor selected in the list of records. |
See additional information on audit configurations:
• Learn how to create an audit purpose by clicking here.
• In the Security tab, it is possible to configure audit access permissions. See more details on how to configure record security using permission profiles.
If the Block security change in the audit option has been enabled it the category, it will not be possible to make adjustments in the Security tab; only viewing the configurations applied during the creation of the category will be possible.
• The Documentation section allows for adding attachments and associating documents related to the audit. See more information about the fields by clicking here.
• If a form has been associated in the audit category, the Documentation section will display an extra tab called Form. Use the side toolbar button to open and fill out the associated form.

• The Attribute tab will be displayed if attributes have been associated with the category associated with the audit. See more details on how to fill out attributes by clicking here.
• Using the side toolbar button in the Schedule section, it is possible to export a file with .ics extension that can be used to create a scheduling in your e-mail reader, with the data of the appointment recorded in the system. Scheduling configuration varies according to the e-mail reader used by your organization.
• If a 2nd party - Supplier audit is being planned, it will not be possible to save the record without filling in the Supplier field in the Audit scope section. The suppliers available for selection have been previously created in SoftExpert Supplier.
• If a 2nd party - Customer audit is being planned, it will not be possible to save the record without filling in the Customer field in the General data section. The customers available for selection are created beforehand in SoftExpert Customer.
• Documents can be associated in the Documentation section only if the Enable document to be associated option has been enabled in the category and if SoftExpert Document is part of the solutions acquired by your organization.
• The Schedule section will only be displayed if, in the Category, the Enable audit schedule to be entered option has been enabled. Watch the video Planning a risk and control plan audit above for more details on the configurations of this field.
Conclusion
After setting the initial configurations, it is necessary to define the audit scope.