          Create a Compliance Audit for IT Compliance


          Create a Compliance Audit record to define the scope, type, and timeline for an audit engagement. The audit captures who requested the audit, what framework or regulation it covers (such as ISO 27001 or internal governance), and the observation and execution windows. It serves as the parent for all evidence requests and tracks the overall audit lifecycle.

          Required Editions

          Available in: Lightning Experience
          Available in: Enterprise, Performance, and Unlimited Editions with Agentforce IT Service.
          User Permissions Needed
          To create compliance audits: Compliance Admin permission set

          All evidence requests created under the audit roll up to the audit's Evidence tab, giving you a complete view of the evidence collected for the engagement.

          You can clone one of the predefined audits available as samples with Evidence Management, or create a new audit when no sample fits your needs.

          1. From the App Launcher, open the Evidence Hub app.
          2. Go to the Compliance Audits tab.
          3. Create the audit.
            • To start from scratch, click New.
            • To start from a sample, open a [SAMPLE] audit that fits your engagement, click Clone, and edit the cloned record.
          4. Fill in the compliance audit details:
            • Audit Name. A descriptive name that identifies the audit engagement and period, like GMRI-2026 Resilience & Storage Compliance Audit - Q3.
            • Description. A summary of the audit scope and objectives, such as the regulatory clauses being reviewed and the systems in scope.
            • Type. The nature of the audit engagement. Select the type that matches your audit:
              • Internal Audit. Audits conducted by your organization's internal audit team to assess compliance with internal policies and controls.
              • External Audit. Audits performed by third-party auditors to verify compliance with external standards or regulations.
              • Compliance Certification. Audits aimed at achieving or renewing certifications such as ISO 27001 or PCI-DSS.
              • Regulatory Assessment. Audits mandated by regulatory bodies to ensure adherence to industry-specific regulations.
              • Vendor Assessment. Audits of third-party vendors to evaluate their compliance and security posture.
              • Observation Dry-Run. Practice audits conducted to prepare for an official audit without formal reporting requirements.
            • Requested By. The person or team who initiated the audit. This is typically the audit program manager, compliance officer, or the business unit sponsoring the audit.
            • Audit Observation Start Date. The date when the audit observation period begins. This is the start of the time window during which the auditor observes or collects evidence about the organization's compliance posture.
            • Audit Observation End Date. The date when the audit observation period ends.
            • Audit Execution Start Date. The date when the audit work itself begins. This is when the audit team starts actively reviewing evidence, conducting interviews, and performing tests.
            • Audit Execution End Date. The date by which all audit work must be complete, including evidence review, findings documentation, and report preparation.
            • Parent. Optional. If this audit is part of a multi-year audit program or a parent audit engagement, link it to the parent audit record. This creates a hierarchy that helps you track related audits over time.
          5. Save the record.
            The audit is created in Draft status with an auto-generated audit number (for example, AUD-00027). The audit appears on the Compliance Audits tab in the Evidence Hub.
          Example: creating a quarterly resilience and storage audit

          Cumulus Bank's Risk Managers team is preparing for the Q3 2026 internal audit of resilience and storage compliance for their Green Municipal Resilience Initiative (GMRI). The audit program manager creates a new Compliance Audit:

          • Audit Name: GMRI-2026 Resilience & Storage Compliance Audit - Q3
          • Description: Verification of mandatory 20% battery storage capacity for all new solar/wind installations greater than 50MW. Reviewing technical telemetry logs for frequency response compliance (Clause 4) and cybersecurity protocol adherence (Clause A).
          • Type: Internal Audit
          • Requested By: Risk Managers
          • Audit Observation Start Date: 7/1/2026
          • Audit Observation End Date: 9/30/2026
          • Audit Execution Start Date: 10/5/2026
          • Audit Execution End Date: 10/15/2026

          After saving, the audit is created with audit number AUD-00027. The audit program manager then creates evidence requests under this audit to collect the required proof for each compliance clause.

          Now create evidence requests under this audit. As evidence requests are fulfilled and verified, you can track the overall audit progress from the Compliance Audit record.

           
          Salesforce Help | Article