An external audit team needs to view all of your published policies and controls? Which role can you give the team members?
An external audit team needs to view all of your published policies and controls? Which role can you give the team members?
For an external audit team to view all published policies and controls, the appropriate role is 'sn_audit.external_auditor'. This role specifically allows external auditors to access and review policies, controls, and risks, which is essential for their auditing tasks. Other roles like 'sn_audit_manager' or 'sn_compliance_user' do not necessarily provide the correct level of access required by external auditors.
External auditors can be assigned as auditors for an engagement and can be assigned to audit tasks. They can view closed engagements, audit tasks that are assigned to them, and closed audit tasks. If the Policy and Compliance Management plugin or Risk Management plugins are installed, they can also view published policies and all controls and risks in the Monitor state.