Audit Process
Auditing Phase:
Auditors will have a private repository on GitHub in collaboration with AuditOne, where they can create issues based on the templates provided by AuditOne for the audited projects. These issues will not be visible to the project team or any other members of the audit pool.
After the audit period, auditors must move any issues to the private audit review repository created by AuditOne, where all auditors and AuditOne are initially collaborators.
Review Phase:
Stage 1: Peer Review (For Auditors)
The review repository will have all the issues found by the auditors participating in the audit.
Every auditor is supposed to go through the issues found by other auditors and
Use 👍 if you agree with the finding.
Comment your argument if you do not agree with the findings; use the 'duplicate' label if you find a similar issue to what you have identified, and comment on the issue number you are referring to.
This lasts for a week (5 working days) from when the AuditOne team consolidates audit findings, and the project is given access to the review repository.
Stage 2: Review by the Project Team
The Project team will review the issues found by auditors once added as a collaborator to review the repository.
The project team will use the issue labels –
'Acknowledged' – If you accept the issue.
'Will fix' – If you want to resolve the issue.
'Resolved' – If you have resolved the issue.
'Question' – If you disagree with the finding and need further information, comment on the points where the finding is unclear, mentioning the issue owner.
'Invalid' – If you find the issue invalid, comment on the reason, mentioning the issue owner.
During this phase, auditors and the project team will use labels and comments to discuss the audit findings, and the project team will have time to fix the issues.
This phase lasts for two weeks (10 working days) after phase 1 ends, i.e., from when the project team is added as a collaborator to review the repository.
Stage 3: Review by Issue Owner (For Auditors)
Issue owners should review the issues after the project team has fixed or acknowledged them and update the status to 'validated by issue owner.'
Once the validation is done, you can use the 'include in report' label.
Important Note:
Mandatory Peer Review: All auditors must participate in peer reviews within their pool. Indicate if you agree or provide your opinion on why an issue is invalid or uncertain. Failure to conduct peer reviews properly will result in a 20% deduction from the total payment.
Inflationary Reporting: If an auditor submits more invalid issues than valid ones or if the indicated severity is significantly inaccurate, a 25% deduction will be applied to the total payment.
Last updated