Providing Auditor Access

Monday, Jul 2, 2018

Sometimes an auditor needs to have access to to review how students are managed and courses are set up. With any security arrangements it is recommended that you start at a point of maximum security. It might be that the level of access you give could contribute to the auditors view on how ‘secure’ you are with your client’s data. For that reason consider the access that you provide as being part of the audit. That is the more secure access you provide likely the more impressed and auditor will be at your security methods. Keep in mind the auditor is likely to be unfamiliar with nor how your configuration of works. They are effectively lost without guidance.

We list the following methods in order of most secure to least secure:

Guided access

When you provide access with an authorised person, guiding them through the system. This has the added benefit of finding records quickly and efficiently, being able to explain your set up to the auditor and guide them to the correct information. This also enables you to understand the auditors thinking process to perhaps anticipate solutions and implment them there on the spot!

Physical access

Log the auditor in on a view-only account, and give them access there and then on your premises, not letting them take the username/passwords off site. This has the benefit of an auditor being able to guide themselves but also for staff members to be close by to answer questions as they arrise. We strongly recommend you get a list of questions in advance, and then provide direct links to the examples that they are looking for, or provide them with a brief tutorial.

Send the auditor details for a view-only account

When an auditor is offsite, or they have reduced rates for off-site analysis it might suit you to have them access the site away from the office. There is a risk that without guidance they don’t find what they are looking for and therefore assume you don’t have the records they are searching for.

Send the auditor details of an existing account

While you might be short of time or find it easier to just share an existing account with an auditor is this HIGHLY unrecommended. Due to the risk that the username/password will need to be passed via email and any changes will not be attributed to an auditor account but to your account this could also cause issues.

Setting up a view-only account

First create a role for the auditor, then create the permissions for the auditor, then add a user with that role (and only that role).

View permissions you might need to add:

  • Audit Trails
  • Catalog
  • Catalog Group
  • Contact History
  • Contact Qualifications
  • Contacts
  • Content
  • Course Dates
  • Course Masters
  • Course Prices
  • Course Topics
  • Currencies
  • Document Topics
  • Document Versions
  • Documents
  • Events
  • Export Maps
  • Export Queue
  • Fields
  • Files
  • Formats
  • Forms
  • Forms Published
  • Help Topics
  • Log
  • Notes
  • Options
  • Payment Groups
  • Payment Types
  • Price Rules
  • Process Paths
  • Process Rules
  • Process Steps
  • Status
  • Support
  • Table Links
  • Venues

Often asked questions

Should I include other details about the auditor in the login details?

Yes, to enable password resets you should include the auditor’s email address and mobile number, otherwise you should include a nominated person’s details so that you can reset their access as necessary.

Will the Auditor be able to send emails to customers?

No, as the auditor has only view permissions they will not be able to apply and steps, and therefore not be able to send emails.

The Auditor cannot see the outcome field on the Document Topics

This requires edit permissions: To give access to the auditor enable ‘edit’ permissions on the Document Topics and Document. To view the Document Topic Forms it is necessary to edit the document.