Auditee manual

This manual is for the auditee user: the person on the audited side who receives findings and works on them with the audit team. The auditee's view in Mawidabp is limited to the Follow-up module and the issues where they are responsible. The rest of the application is not visible from this profile.

Signing in

Each organization has its own URL. Sign in with your corporate username and password:

https://<organization>.mawidabp.com/

For example, for an organization named demo:

https://demo.mawidabp.com/

If the organization is integrated with an identity provider (Entra ID, Google Workspace, LDAP/AD), the sign-in flow redirects to that provider and you do not manage the password inside Mawidabp.

Once inside, you will see the main dashboard with:

Pending findings assigned to you.
Resolved findings recently.
Status: a counter with how many findings you have in each status (being implemented, implemented, implemented/audited), plus a breakdown of in-progress, overdue, and rescheduled.

How findings reach you

When an auditor creates an issue where you are assigned and moves it to Notify, you receive an email from Mawidabp with:

A summary of the issue.
A Confirm notification link to acknowledge receipt.
A View finding link that takes you straight to the issue after signing in.

After confirming receipt, you have 3 days (configurable per organization) to add your first comment. If you do not respond within that window, the issue moves to No response.

Responding to an issue

From the finding you can:

Load your action plan

Fill in:

Response / corrective actions: what you will do.
Estimated implementation date: your commitment.

When you save, the auditor receives the notification. When they review and approve, they will change the status to Being implemented, and from that point Mawidabp starts tracking deadlines.

Talk to the auditor

Comments are the main communication channel:

Each comment you load triggers an automatic email to the assigned auditor.
You can attach files to the comment: documents, spreadsheets, screenshots, anything that works as evidence.
All exchanges are logged with date, time, and author.

The auditor can take any of the files you attach and promote it to a working paper of the finding with one click.

Date changes

If you need to reschedule a committed date, post a comment explaining the reason. The auditor can update the implementation date from their side; until a new date is approved, the finding is still measured against the original one.

Read and unread comments

Mawidabp distinguishes read from unread comments manually: nothing is marked automatically when you open the finding. This gives you control over what you have actually reviewed.

How to spot unread comments

In the Pending findings list, the Responses column shows an indicator like 2/1 and a yellow triangle when there are unread messages. The detail:

2: total comments.
1: own comments (which we don't count as unread).
Yellow triangle: hover over it to see how many comments are not marked as read.

How to mark as read

Edit the finding.
In the comments section, next to each unread comment you'll see a blue envelope icon.
Click the envelope: the icon turns to a black tick and the comment is marked as read.

Comments you write are marked as read automatically when created.

Notifications you will receive

Mawidabp sends you emails at several moments:

When a new issue is assigned to you (the first time it moves to Notify).
When the auditor adds a comment to one of your findings.
7 business days before the due date of a committed date.
1 business day before the due date.
Reminders after the due date, while the issue stays open and overdue. The frequency (weekly, biweekly) is configured by the organization.

If the organization has automatic escalation enabled, overdue issues without a response are also escalated to the higher hierarchical level, climbing up week by week until a response is received.

Filters and searches

In the pending and resolved findings listings you can search and sort:

Columns in black are active for search.
Columns in gray are excluded; click to toggle.
Pending as responsible is also available to filter only the findings where you are the direct responsible.

Downloads

From the pending findings listing you can download:

CSV with all findings.
PDF summary.

From each individual finding, in the lower-right corner:

Download follow-up: PDF with the main data to date.
Download full follow-up: includes history and comments.

What the auditee can and cannot do

Unlike the auditor, the auditee does not modify the issue data (title, description, criteria, effect). That is handled by the auditor as the conversation evolves.

What you do:

Load response / corrective actions and estimated date.
Comment and attach evidence.
Confirm notifications and mark comments as read.

The rest of the flow (status changes, final approval) is handled by the audit team.

Signing in​

How findings reach you​

Responding to an issue​

Load your action plan​

Talk to the auditor​

Date changes​

Read and unread comments​

How to spot unread comments​

How to mark as read​

Notifications you will receive​

Filters and searches​

Downloads​

What the auditee can and cannot do​