Docs

Appearance

Audit Trail

Audit readiness depends on traceability: who did what, when, why, and with which evidence. In Modulos, traceability is built from two complementary surfaces:

  • Notifications help people execute and coordinate work.
  • Comments and logs provide the durable audit trail on each object.

What this is

This page explains how to use the audit trail in practice:

  • where to find it
  • who can see what
  • how it supports reviews, approvals, and audits

Where in Modulos

Most audit trail information is viewable by regular members with access to the relevant project. Administration actions are managed by organization and project admins.

  • Notifications for your personal inbox of assignments and workflow events
  • Project objects → Comments and Logs for a durable history on items like requirements, controls, evidence, assets, and risks

Who can do what

Permissions

  • Organization Members can view notifications and object logs for projects they have access to.
  • Reviewers receive notifications for review requests and record decisions in the object’s history.
  • Auditors use read-only access plus logs to verify traceability.
  • Organization Admins and Project Owners manage access so the right people can see the right trail.

How it works

Notifications

Notifications are user-specific. They’re created for events such as:

  • review requests and approvals
  • assignments and ownership changes
  • status changes on key objects

Notifications help you find what needs attention. They are not the audit trail itself.

Notifications inbox showing a list of updates and unread indicators.
Notifications are your personal queue for review requests and key events. Use them to navigate to the relevant object. UI shown in light mode.
  1. 1
    Filter and search
    Use All or Unread and search to find what needs attention.
  2. 2
    Unread count
    Shows how many notifications still need review.
  3. 3
    Notification items
    Each item links back to a specific object or event.
  4. 4
    Quick actions
    Mark as read or clear items after you’ve handled them.

Comments and logs

Most governance and risk objects include a Comments and Logs view that records:

  • timestamped events and actions
  • the actor who performed them
  • comments and context that explain why a change was made

This is the primary audit trail auditors rely on.

Comments and Logs view on a governance object showing a timeline of changes and a comment editor.
Comments and Logs provide the durable history auditors rely on: actions, timestamps, and rationale captured as comments. UI shown in light mode.
  1. 1
    Comments and Logs tab
    The durable history view for the object you are reviewing.
  2. 2
    Timeline entries
    Records status changes, assignments, and other events with timestamps.
  3. 3
    Add context
    Use comments to document reasoning and decisions for audit readiness.
  4. 4
    Current state
    Status and ownership provide the “as-is” context for the trail.

How they connect

A single event can create both:

  • a log entry on the affected object
  • a notification for the relevant assignee or reviewer

Notifications can be cleared, but logs remain as the durable record.

How to use it

Important considerations

  • Notifications are personal and can be dismissed. Logs are the durable audit trail.
  • You only see logs for objects you have access to. If you can’t see a trail, check project access.
  • For audit readiness, encourage teams to capture rationale in comments when making significant changes.
Reviews and Statuses

How review requests create auditable approvals

Evidence

How evidence is attached, reviewed, and traced over time

Reports and Exports

How to generate auditor-ready outputs from the platform trail

User Management

How roles and access determine who can see which trail