Use Case Summary
This demo outlines how auditors—both internal and external—use CERPASS to access the data they need to verify compliant operations, review audit trails, and validate the execution of security controls and procedures.
✅ Access Profile
Auditors are typically granted read-only access in CERPASS. This allows them to review, interrogate, and extract evidence without modifying data or workflows.
-
External Auditors can independently retrieve reports and validate evidence during audit periods.
-
Internal Auditors can use CERPASS regularly to perform pre-audit reviews and monitor ongoing compliance.
✅ Home Dashboard: Immediate Compliance Visibility
Auditors begin with a high-level view of:
-
Compliance Status Tiles showing completion of key tasks (e.g., User Access Reviews, control tests)
-
Highlighted overdue items that may warrant follow-up with responsible personnel
-
Overall alignment with internal policy timelines and audit expectations
✅ CERPASS Enables Auditors To:
| Audit Needs | CERPASS Features |
|---|---|
| Validate whether the organization is “doing what it said it would do” | Execution history for UARs, EAM, and controls |
| Confirm review and approval audit trails | Time-stamped logs with responsible users |
| Identify outstanding compliance tasks | Compliance status dashboard with overdue indicators |
| Support external audit readiness | Pre-audit review tools and exportable evidence |
| Reduce reliance on manual evidence collection | Self-serve, read-only access for external auditors |
CERPASS allows both internal and external auditors to efficiently verify compliance activities and access audit trails—helping ensure a smoother, faster, and more transparent audit process.