Defining the scope of a risk and control plan audit
 |
 |
 |
 |
 |
Prerequisites
- Access to the Management > Audit > Planning (AU009) menu.
- Audit created in the system, in the planning step.
- Previously created risk and control plan.
Introduction
Once an audit is created in the system, while it is in the planning step, it is necessary to define its scope and associate the objects that will be audited.
The editing of this data varies according to the configurations applied to the Scope tab of the audit category.
See how to define the scope of an audit:
Defining a scope
1. Access the Management > Audit > Planning (AU009) menu.
2. Select the audit whose scope you wish to configure and click on the 
button.
3. Select the Audit scope tab.
4. Select the start and end dates of the audit scope.
5. If necessary, enter a description about the audit scope in the Scope field.
6. Select the Scope tab to associate the plans that will be part of the audit scope. Watch the video below for more details:
See additional information about the buttons available in the scope structure:
The toolbar, located at the top of the Audit scope screen, provides buttons and tools that allow for editing the structure and interacting with its data:
| Associate | Click on this button to associate plans or objects in the scope structure through the association wizard. The association process via wizard is shown in the video Defining the scope of a risk and control plan audit above. |
| Disassociate | Click on this button to disassociate an object selected in the list of records. |
| Delete | Click on this button to delete the selected object from the scope structure. If the object has sub-objects, they will be deleted as well. |
| Expand | Click on this button to expand the plan structure. |
| Collapse | Click on this button to collapse the plan structure. |
• It is important to highlight that the scope period is not the same as the audit execution period. The start and end dates of the scope represent the period in which the plans will be analyzed, that is, the time interval covered by the audit. The audit execution dates, in their turn, refer to the specific days on which the audit will be conducted, including tasks such as document revision, interviews, inspections, and closure meetings.
For example, an audit may comprehend risk and control plans dating from January to June of a year (scope), but be conducted in person in October (execution).
• For 2nd party - Supplier audits, the Supplier field will be displayed in the scope.
Use it to insert the supplier company that will be audited. The suppliers must have been created in SoftExpert Supplier.
• See more details on creating evaluation criteria by clicking here.
• The Allow manually changing the conformity level of the upper items by replacing the automatic calculation option allows for manually changing the conformity level and its value during the execution of the audit. This option must be enabled when automatic result generation is not configured in the conformity level of the evaluation criterion.
• See more information on creating evaluation checklists by clicking here.
• See how to associate audit tests with the scope structure.
Closing the planning
After defining the scope with the plan and its respective objects that will be audited, it is necessary to close the planning and send the audit to the next steps.
1. Access the Management > Audit > Planning (AU009) menu.
2. Select the audit that will have its planning closed and click on the button.
3. Click on the Send to next step button and confirm the operation.
Conclusion
With the scope defined and the planning closed, the audit will move on to the next steps.
See how to execute a risk and control plan audit.