applications / Audit+
[ ServiceNow scoped app ] x_krn_audit

Audit+

The assurance hub of the suite.

It runs the audit lifecycle, plan and execute audits, capture findings, drive remediation, collect evidence, and record attestations, all mapped to NIST 800-53, NIST AI RMF, and DISA STIG frameworks.

// spec audit+
abbrev Audit+
scope x_krn_audit
instance path /auditp
status ServiceNow scoped app
// what Audit+ does

What Audit+ does.

Audit Lifecycle

Audits move from planning through review to closed, each aggregating findings and a pass or fail score. Findings, including STIG deficiencies, spawn remediation tasks and an evidence repository, with numbering that follows CORA and AUD conventions.

Attestations and Findings

Attesting a control records that it is satisfied, and a failed attestation auto-creates a finding. Both run as platform tasks, so they inherit assignment, approval, and SLA behavior.

Rules-Based Scoring

Control scoring runs on the shared Rules+ engine. Audit evaluation rules and systems are Rules+ subclasses, so grading a control is deterministic and reuses the same engine that powers Hierarchy+ rollups.

Audit+ runs the control-assurance lifecycle for the suite. Teams plan and execute audits, log findings, drive remediation tasks, collect evidence, and record attestations that controls are satisfied, all mapped to control frameworks such as NIST 800-53, the NIST AI RMF, and DISA STIGs. The dashboard tracks active engagements, findings by urgency, and attestation deadlines, with quick actions to start an audit, attest a control, log a finding, or upload evidence.

The work items are platform tasks. Attestations, evidence, and remediation tasks all extend the ServiceNow task model, so they inherit assignment, due dates, approvals, and SLAs. When an attestation against a control is signed and fails, a business rule auto-creates a finding, and completing the attestation re-scores the control.

Audit+ is also a base-class provider for the suite. Its commitment table is the parent that DMM and Governance+ commitments extend, so an obligation tracked in one app shares its lifecycle everywhere. Control scoring runs on the Rules+ engine through evaluation rules and systems that are Rules+ subclasses, the same engine Hierarchy+ uses for its figures of merit.

// other applications
← All applications