# Configuring Audit Checklists (HSE, QMS)

<!--HSE Audit Management Admin section-->

<!--Source File, original slug /55230/-->



<a href="/en/gr/78610/">QualityOne Vaults</a>
 provide audit-specific checklist functionality to allow users to create their own audit checklists. These checklists allow users to identify one (1) or more checklist items as audit findings when performing an audit. When a user completes and submits a checklist, QualityOne automatically creates audit finding records along with the finding type, observations, and objective evidence (attachments) for any audit checklist question that is flagged as an audit finding.

You must configure this functionality before users can start <a href="/en/gr/650476/">working with audit checklists</a>
 in their <a href="/en/gr/650396/">audits</a>
. For more information about configuring and designing general checklist functionality, see <a href="/en/gr/47738/">Configuring Checklists</a>
 and <a href="/en/gr/52824/">Designing Checklists</a>
.

Audit checklist configuration also applies to <a href="/en/gr/650482/">QualityOne Audit Checklist Mobile</a>
 with some additional [configuration][3] specific to the application. QualityOne Audit Checklist Mobile allows users to download and perform an audit checklist on an iPad or Android device for a checklist already configured in Vault.

## Configuration Overview {#overview}

Configuring your Vault to use Audit Checklists involves the following steps:

1. [Enable Checklists in your Vault][2]
2. [Configure the _Audit Checklist_ workflow][4]
3. [Configure your _Audit Checklist_ design][6]
4. [Configure Checklist Assignment actions][8]
5. [Configure _Audit Findings_][9]
6. [Configure QualityOne Audit Checklist Mobile][3]
7. [Configure user permissions][10]

<div class="note-border alert-info">
  <div class="alert alert-info" role="alert">
    <div><i class="far fa-info-circle"></i></div>
    <div class="alert-text">
      <p><strong>Note</strong>: Depending on your Vault’s creation date and which features are currently enabled and configured, some of the steps described in this article may be unavailable or already complete in your Vault.</p>
    </div>
  </div>
</div>



## Enabling Checklists {#enabling}

You can configure your Vault to allow you to submit data in a checklist format. To enable this feature, navigate to **Admin > Settings > General Settings** and click **Edit**. In the _Checklist_ section, select the **Enable Checklists** checkbox and click **Save**.

Once enabled, you can create a _Checklist Type_ for the _Audit_ object types. See <a href="/en/gr/47738/#how-to-enable-checklists-for-an-object">Configuring Checklists</a>
 for more details.

<div class="note-border alert-important">
  <div class="alert alert-important" role="alert">
    <div><i class="far fa-exclamation-circle"></i></div>
    <div class="alert-text">
      <p><strong>Important</strong>: Once enabled, you cannot disable <em>Enable Checklists</em>.</p>
    </div>
  </div>
</div>



## Configuring Audit Checklist Workflows {#workflow}

By default, the _Audit Accepted_ and _Audit Pending Acceptance_ object workflows are active and do not contain steps. If your organization plans to use workflows to initiate <a href="/en/gr/47738/">checklists</a>
, we recommend you use these because they have specialized system actions that are not available with other workflows:

* _Set Respondent_, which sets the _Respondent_ field.
* _Ensure Completeness_, which verifies that all sections of the checklist are completed.

To configure the _Audit Accepted_ and _Audit Pending Acceptance_ object workflows, see <a href="/en/gr/66930/">Configuring Checklist Workflows</a>
 for more details. Replace the _Accepted_ workflow with the _Audit Accepted_ workflow and _Pending Acceptance_ workflow with the _Audit Pending Acceptance_ workflow for the purposes of the _Audit Checklist_ configuration.

You can also optionally configure the _Audit Checklist Assignment_ system action on any single-object workflow that uses the _Audit Lifecycle_. See [Configuring the Audit Checklist Assignment System Action][15] for more details.

## Configuring the Audit Checklist Design {#checklist-design}

Once you have [enabled Checklists][2] and [configured the workflow][4], you can design and configure your audit checklist to allow users to submit data in a question-and-answer format. You can build checklist designs by creating records for the various <a href="/en/gr/47738/#objects">checklist-enabled objects</a>
 within your _Checklist Design_ for _Audit_ object types, or you can use the <a href="/en/gr/537448/">Visual Checklist Designer</a>
 to design and manage your checklist from a single page. For help designing your checklists, see <a href="/en/gr/52824/">Designing Checklists</a>
.

Once you have created and finalized your checklist design, configure the _Audit Checklist Design_ by completing the steps listed in the Configuration Overview of <a href="/en/gr/47738/#configuration-overview">Configuring Checklists</a>
. Ensure you configure the _Manual Audit Checklist Assignment_ user action, the _Audit Checklist Assignment_ entry action, or the _Audit Checklist Assignment_ system action instead of the _Start checklist_ action. See [Configuring Checklist Assignment Actions][8] for more details.

## Configuring Checklist Assignment Actions {#checklist-assignment}

There are three (3) checklist assignment actions available; you must configure at least one (1) before users can assign checklists to respondents in an audit:

* [_Audit Checklist Assignment_ entry action][16]
* [_Manual Checklist Assignment_ user action][17]
* [_Audit Checklist Assignment_ system action][15]

You can optionally [configure the _Reassign Audit Checklist_ user action][18] to let users reassign the workflow task to complete an audit checklist to a different authorized user.

<div class="note-border alert-info">
  <div class="alert alert-info" role="alert">
    <div><i class="far fa-info-circle"></i></div>
    <div class="alert-text">
      <p><strong>Note</strong>: The <em>Start checklist</em> action has similar functionality to the <em>Manual Audit Checklist Assignment</em> and <em>Audit Checklist Assignment</em> actions and is available on each state of the <em>Audit Lifecycle</em>. However, we recommend you use the <em>Manual Audit Checklist Assignment</em> and <em>Audit Checklist Assignment</em> actions instead because they are designed for use with QualityOne Audit Management features. We do not recommend configuring the <em>Start checklist</em> action together with the <em>Audit Checklist Assignment</em> and <em>Manual Checklist Assignment</em> actions.</p>
    </div>
  </div>
</div>



### Configuring the Audit Checklist Assignment Entry Action {#entry-action}

The _Audit Checklist Assignment_ entry action automatically assigns a specific checklist to a particular audit team member as the respondent through a state change. To configure the _Audit Checklist Assignment_ entry action, do the following:

1. Add the **Audit Checklist Assignment** <a href="/en/gr/59885/#define-entry-action">entry action</a>
 to the appropriate state of the _Audit Lifecycle_. Typically, you would add this entry action to an _In Audit Performance_ lifecycle state. Ensure you remove any <a href="/en/gr/59885/#entry_criteria">entry criteria</a>
 configured to validate that at least one (1) checklist exists before users can move to the _In Audit Performance_ lifecycle state.
2. Create or edit the <a href="/en/gr/26387/">layout</a>
 for a particular _Audit_ object type, such as the _Internal Audit Detail Page Layout_.
    * If applicable, remove the **Audit Checklists** section related to document records.
    * Insert a **Related Object** section and select the **Audit Checklist Assignment** object. Make this object available only in audit planning and preparation-related lifecycle states.
    * Insert a **Related Object** section and select the **Audit Checklist** object. Make this object available in all lifecycle states after the audit planning and preparation-related lifecycle states. For example, this section might be visible only in the _In Audit Performance_, _In Audit Report_, _In Audit Follow-Ups_, and _Closed_ lifecycle states.

### Configuring the Manual Checklist Assignment User Action {#user-action}

The _Manual Checklist Assignment_ user action allows users to manually assign a specific checklist to a particular audit team member as the respondent. To configure the _Manual Checklist Assignment_ user action, you must do the following:

1. Add the **Manual Checklist Assignment** user action to the appropriate state of the _Audit Lifecycle_. Typically, you would add this user action to an _Audit Preparation_ lifecycle state. This state occurs before the user starts to perform the audit.
2. Create or edit the layout for a particular _Audit_ object type. For example, the _Internal Audit Detail Page Layout_.
    * If applicable, remove the **Audit Checklists** section related to document records.
    * Insert a **Related Object** section and select the **Audit Checklist Assignment** object. Make this object available only in audit planning and preparation-related lifecycle states.
    * Insert a **Related Object** section and select the **Audit Checklist** object. Make this object available in all lifecycle states after the audit planning and preparation-related lifecycle states. For example, this section might be visible only in the _In Audit Performance_, _In Audit Report_, _In Audit Follow-Ups_, and _Closed_ lifecycle states.

### Configuring the Audit Checklist Assignment System Action {#system-action}

You can also optionally configure the _Audit Checklist Assignment_ system action on any single-object workflow that uses the _Audit Lifecycle_. This action executes during a step in a workflow to create and assign checklists to users. If you configure the _Audit Checklist Assignment_ as a system action, do not also configure it as an [entry action][16].

### About the Audit Checklist Assignment Object {#audit-checklist-assignment}

When you add or delete an _Audit_ checklist type from **Admin > Configuration > Checklist Types**, Vault automatically updates the VQL criteria in the _Checklist Design_ field of the _Audit Checklist Assignment_ object. The VQL criteria restricts a user to only select related _Audit Checklist Design_ records based on the created _Audit_ object type. If you change the VQL statement, Vault automatically overwrites it with the intended VQL the next time a _Checklist Type_ is added or deleted.

### Configuring the Reassign Audit Checklist User Action {#reassign-action}

You can optionally configure the _Reassign Audit Checklist_ user action to let authorized users reassign the task to complete an audit checklist to a different authorized user. The new responsible user receives an email and Vault notification upon successful reassignment.

To configure this action, first <a href="/en/gr/43127/#assign-actions">assign</a>
 it to the _Audit Checklist_ object, then configure it on any state of the _Audit Checklist_ lifecycle except _Complete_. Ensure you grant <a href="/en/gr/43127/#action_level_security">permission</a>
 to run the action to authorized users only.

## Configuring Audit Findings {#audit-findings}

Configuring _Audit Findings_ for _Audit Checklist Responses_ includes the following steps:

* [Including _Audit Finding_ in the _Audit Accepted_ workflow][12]
* [Modifying the visibility of the _Audit Finding_ button][13]
* [Modifying the hovercard display][14]

### Configuring the Audit Accepted Workflow {#configure-audit-workflow}

To include _Audit Finding_, configure the _Audit Accepted Workflow_ using <a class="external-link " href="https://developer.veevavault.com/mdl#mdl-overview" target="_blank" rel="noopener">MDL<i class="fa fa-external-link" aria-hidden="true"></i></a> or a <a href="/en/gr/36919/">configuration migration package</a>
; click <a class="download-link " href="https://platform.veevavault.help/assets/downloads/CPC-Audit-Accepted-Workflow-MDL-Sample.txt" target="_blank" rel="noopener">here<i class="fa fa-download" aria-hidden="true"></i></a> for an example MDL configuration. Click <a class="download-link " href="https://platform.veevavault.help/assets/downloads/CPC-Audit-Accepted-Workflow.vpk_.zip" target="_blank" rel="noopener">here<i class="fa fa-download" aria-hidden="true"></i></a> to download a VPK to deploy the workflow configuration.

### Modifying Audit Finding Button Visibility {#modify-button-visibility}

You can control the visibility of the **Create** button for _Audit Findings_ so that users see the button only when relevant.

To hide the button at the object level, clear the _Create_ permission on the _Audit Finding_ object and object types as needed within **Admin > Users & Groups > <a href="/en/gr/23647/">Permission Sets</a>
 > Objects** tab.

To hide the button in the particular _Audit Checklist Lifecycle_ state, ensure the user role does not have edit permissions for the _Audit Finding-Audit Checklist_ relationship within **Admin > Configuration > <a href="/en/gr/47850/#secure_inbound_relationships">Object Lifecycles</a>
**.

### Modifying Hovercard Display {#modify-hovercard}

Users can view hovercards by mousing over an _Audit Finding_ token. You can adjust what displays on the hovercard. By default, the hovercard displays the shortened values of the _Record ID_, _Observations_, and _Finding Type_ fields.

To modify the hovercard display, navigate to **Admin > Configuration > Objects > Audit Finding** and select the **Object Types** tab. Under **Actions**, select **Edit Object Type Fields** and locate the specific object type you want to modify. Clear or select the appropriate object type field (_Observations_ or _Finding Type_), then click **Save**.

## Configuring QualityOne Audit Checklist Mobile {#mobile_config}

Ensure the _Checked out on Mobile?_ field on the _Audit Checklist_ object is set to "Yes" for the appropriate record when a user downloads an audit checklist on <a href="/en/gr/650482/">QualityOne Audit Checklist Mobile</a>
. This field sets the checklist to read-only in Vault after a user downloads a checklist to a device so that the user can complete the checklist on the device without causing a conflict.

### Device Support {#device-support}

Before you start using QualityOne Audit Checklist Mobile, review the list of <a class="external-link " href="https://rn.veevavault.help/en/gr/vault-client-application-release-schedule-support-model/" target="_blank" rel="noopener">supported mobile versions<i class="fa fa-external-link" aria-hidden="true"></i></a> to ensure your device is compatible.

### Configuring SSO SAML {#android-sso}

Configuring QualityOne Audit Checklist Mobile to allow users to log in using your organization's <a href="/en/gr/13975/">SSO (Single-Sign-on)</a>
 method requires the following steps:

1. Configure a SAML Profile for your Vault. See <a href="/en/gr/43346/">Configuring SAML Profiles</a>
 for more details.
2. Configure an SSO Security Policy and provision users to use SSO. See <a href="/en/gr/13977/">Configuring Single Sign-on</a>
 for more details.

### Modifying Checklist Card Information {#modify-card}

You can control the displayed information on the checklist cards in the mobile application to help users easily read and differentiate between the checklists listed by using <a href="/en/gr/42857/">formula</a>
 expressions. To control the information on the checklist cards, configure the formula expression for the _Mobile Display_ field:

1. Navigate to **Admin > Configuration > Objects > Audit Checklist > Fields > Mobile Display**. 
2. Click **Edit**.
3. Enter a **Formula Expression**. See <a href="/en/gr/42857/">Creating Formulas in Vault</a>
 for more details on writing the formula expression.
    * For example, to display the _Audit Checklist_ object _Name_ field whenever the _Audit_ object _Title_ field is blank, enter `if(isBlank(target_object__vr.title__c), name__v, target_object__vr.title__c)` as the formula expression. This expression displays the _Audit_ object _Title_ field if it isn't blank by default.
4. Click **Check Syntax** to ensure that your expression is valid.
5. Click **Save**.

After modifying the _Mobile Display_ field's formula expression, users can view the new changes by refreshing their card list. If you do not modify the checklist card, Vault defaults to displaying the _Audit Checklist_ object label instead.

### Modifying Audit Finding Fields (Android Only)

Field labels on the _Audit Finding_ object display the same in QualityOne Audit Checklist Mobile for Android as in Vault. To change the field labels in the _Audit Findings_ section of checklist questions on the Android version of the mobile application, <a href="/en/gr/15057/#customizestandardobjects">update the field labels on the _Audit Finding_ object</a>
 in Vault.

### Reassigning Checklists {#reassignment}

To allow users in Vault to reassign a checklist that is currently checked out on mobile, configure the [_Reassign Audit Checklist_ action][18].

## Configuring User Permissions {#user-perm}

You must ensure users have the appropriate read and create <a href="/en/gr/22824/">permissions</a>
 to access the appropriate objects and object fields in addition to the permissions outlined below:

* For the _Audit_ object and its object types: _Create_, _Edit_, and _Delete_ permission.
* For the _Audit Finding_ object: _Create_, _Edit_, and _Delete_ permission. Once _Create_ is enabled, the _Audit Finding_ **Create** button will be visible in the checklist response section.
* For the _Checklist Design_ object: _Create_, _Edit_, and _Delete_ permission.
* For the _Audit Response_ object and its object types: _Create_, _Edit_, and _Delete_ permission. Once permissions are enabled for the _Text Response_ object type, users can make changes to ad hoc questions.

### Configuring QualityOne Audit Checklist Mobile User Permissions {#mobile-permissions}

You must ensure users have the appropriate <a href="/en/gr/22824/#application-permissions">application permissions</a>
 to access the QualityOne Audit Checklist Mobile application in addition to the [related permissions outlined][1]:

<table>
  <tr>
    <th><strong>Type</strong></th>
    <th><strong>Permission</strong></th>
    <th><strong>Controls</strong></th>
  </tr>
  <tr>
    <td>Security Profile</td>
    <td>Application: Vault Actions: API: Access Vault API</td>
    <td>Ability to communicate with Vault.</td>
  </tr>
  <tr>
    <td>Permission Set</td>
    <td>Application: Client Applications: Mobile Audit Checklist: Enable</td>
    <td>Ability to access QualityOne Audit Checklist Mobile.</td>
  </tr>
</table>

## Related Permissions {#related_permissions}

You can complete all the steps in this article with the standard _System Administrator_ or _Vault Owner_ security profile. If your Vault uses custom security profiles, your profile must grant the following <a href="/en/gr/22824/">permissions</a>
:

<table>
  <tr>
    <th><strong>Type</strong></th>
    <th><strong>Permission</strong></th>
    <th><strong>Controls</strong></th>
  </tr>
  <tr>
    <td>Security Profile</td>
    <td>Admin: Configuration: Object Lifecycles: Create, Edit</td>
    <td>Ability to create and modify object lifecycles.</td>
  </tr>
  <tr>
    <td>Security Profile</td>
    <td>Admin: Configuration: Objects: Create, Edit</td>
    <td>Ability to create and modify Vault objects.</td>
  </tr>
  <tr>
    <td>Security Profile</td>
    <td>Admin: Security: Permission Sets: Edit</td>
    <td>Ability to modify permission sets for users.</td>
  </tr>
  <tr>
    <td>Security Profile</td>
    <td>Admin: Settings: General Information: Edit</td>
    <td>Ability to modify settings in the Vault <em>General Settings</em> page.</td>
  </tr>
</table>

[1]: #related_permissions
[2]: #enabling
[3]: #mobile_config
[4]: #workflow
[5]: https://developer.veevavault.com/mdl#mdl-overview
[6]: #checklist-design
[7]: #start-checklist-action
[8]: #checklist-assignment
[9]: #audit-findings
[10]: #user-perm
[12]: #configure-audit-workflow
[13]: #modify-button-visibility
[14]: #modify-hovercard
[15]: #system-action
[16]: #entry-action
[17]: #user-action
[18]: #reassign-action