Managing External Audits
This page is for organizations using ConcertoGRC to manage their own compliance program who are being audited by an external firm. If you are an audit firm conducting assessments, see the Audit Firm Platform overview.
External assessments are available within the standard ConcertoGRC app for any GRC tenant. Use an external assessment to manage an engagement where an outside firm is auditing your organization.
Setting Up an External Assessment
From Compliance > Assessments, create an assessment with the "External" type:
- Register your audit firm - Add the firm and their contacts under Assessments > Audit Firms
- Create the assessment - Select "External" type, choose frameworks, link the audit firm
- Invite auditors - The firm's contacts get access to the Auditor Portal for your assessment
- Provide evidence - Upload documentation against auditor evidence requests
- Respond to findings - Add management responses to any non-conformities
- Track progress - Monitor the assessment workspace alongside your internal team
Supporting Team
The Team tab on external assessments lets you assign a Supporting Team of internal compliance leads and control owners who can be @mentioned in portal comments and help coordinate evidence collection.
AI-Assisted Review
AI-assisted evidence review can be toggled per assessment. When enabled, your external auditors can use AI to summarize and evaluate submitted documentation.
Assessment Workspace
The assessment workspace for external audits uses the structure described in Assessment Workspace: the same tabs (Dashboard, Controls, Evidence, Findings, Team, Reports) are available, with role-appropriate access.
For full details on the compliance module's assessment capabilities, see Compliance > Assessments.