| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 1090 |
| Technical Name |
gb_audit_internal_controls_register |
| License | OPL-1 |
| Website | https://gencbaris.com/odoo_plugins/ |
| Versions | 18.0 19.0 |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 1090 |
| Technical Name |
gb_audit_internal_controls_register |
| License | OPL-1 |
| Website | https://gencbaris.com/odoo_plugins/ |
| Versions | 18.0 19.0 |
Audit & Internal-Controls
Risk/control matrix, control testing, findings and remediation tracking
Most internal-controls programmes live in fragile, unauditable spreadsheets — risks in one tab, controls in another, test results in email, and remediation forgotten until the auditor asks. That gap is where control failures and compliance breaches hide. This module moves the whole programme into Odoo as a linked risk-and-control matrix: score risks by likelihood and impact for an automatic inherent rating, map preventive/detective/corrective controls to each risk, then run evidence-based control tests that derive a pass, partial or fail result from your sample. Failed tests raise findings automatically, with severity, owner, due date and a tracked remediation lifecycle, while control effectiveness rolls back up into a residual-risk rating. Scheduled reminders chase due tests and overdue actions, and a findings-analysis view gives internal audit, risk and compliance teams the defensible SOX-lite and ISO 27001/9001 evidence trail they need.
Key Features
Scored Risk Register
gb.audit.risk captures each risk by category, owner and process with 1-5 likelihood and impact selections. _compute_scores multiplies them into an inherent_score and maps it to an inherent_rating of low, medium, high or critical automatically.
Risk-Linked Control Library
Each gb.audit.control is tied to the risk it addresses and typed as preventive, detective or corrective and manual, automated or IT-dependent. It carries an owner and a test frequency from continuous through to annual, building a true risk-and-control matrix.
Evidence-Based Control Testing
gb.audit.control.test records a test date, tester, sample_size, exceptions_found and ir.attachment evidence. _compute_result derives pass, partial or fail from the exception ratio, and a constraint blocks exceptions exceeding the sample.
Auto-Raised Findings from Failures
When a test is concluded with action_conclude and the result is fail or partial, _create_finding spawns a gb.audit.finding at high or medium severity, pre-filled from the test conclusion — so no control failure goes unlogged.
Remediation Lifecycle Tracking
Findings move through open, in-progress, remediated, verified/closed and risk-accepted states with owner, due_date and a computed days_open. action_remediate insists on a documented remediation_plan before a finding can be marked remediated.
Effectiveness and Residual Risk Roll-Up
A control's effectiveness_pct is the share of concluded tests that passed (partials counting half). _compute_control_stats averages active controls' effectiveness and reduces the risk's inherent score into a residual_score and residual_rating.
Scheduled Test and Remediation Reminders
Two crons keep the programme moving: _cron_test_due schedules a to-do activity for the owner when a control's next_test_date arrives, and _cron_remediation_due nudges owners of findings whose due_date has passed.
Findings Analysis SQL View
gb.audit.finding.report is a grouped SQL view counting findings by control, risk, severity and state, ready for pivot and graph dashboards that surface open findings by severity and overdue remediation at a glance.
Use Cases
Screenshots
Controls
Findings
Findings Analysis
Risk Register
Control Tests
Record Control Test
Why Choose This Module
Move your internal-controls programme out of spreadsheets. This module gives you a structured risk and control matrix, evidence-based control testing, a findings log and remediation tracking — suitable for SOX-lite and ISO regimes, and complementing evidence-only modules with full controls scope.
Specifications
- Compatible: Odoo 18.0 / 19.0
- License: LGPL-3
- Languages: 35+
- Author: Baris Genc
- Dependencies: mail
- Support: odoo@gencbaris.com
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module