Audit

Skill packages tagged with “Audit”

Browse Skills Browse all tags
BCP Audit Evidence Pack

Create a consolidated Business Continuity Evidence Pack for SOC 2, ISO 22301, or ISO 27001 audits. Combines BIA summary, RTO/RPO targets, recovery plans, DR test matrix, and auditor checklist into a single audit-ready document with cross-validation.

    Business Continuity SOC 2 ISO 22301 ISO 27001 Audit Compliance Disaster Recovery
    Learn More
    CAPA Report

    Corrective and Preventive Action reports for audit non-conformities. Enforces 5 Whys root cause analysis and a future Effectiveness Check date (ISO 9001 / ISO 13485).

      CAPA Quality ISO 9001 ISO 13485 Audit Non-conformity
      Learn More
      GDPR Vendor & Processor Audit (Art. 28)

      Plan and document processor audits under GDPR Art. 28(3)(h). Covers Art. 28(3)(a-h) contract compliance, sub-processor chain review, international transfer assessment (SCCs, adequacy, BCRs, TIA), Art. 32 technical measures evaluation, Art. 28(5) certification review, and corrective action tracking.

        GDPR Privacy Processor Vendor Audit Art. 28 SCCs TIA Compliance Data Protection
        Learn More
        HITRUST CSF Assessment

        Draft HITRUST CSF Validated Assessment deliverables for e1, i1, or r2 certification: control requirement responses at all maturity levels, evidence artifacts, Corrective Action Plans, and the Validated Assessment Report.

          HITRUST Compliance Cybersecurity Healthcare Audit
          Learn More
          ISO 20000 Gap Assessment

          Assess current service management maturity against all ISO/IEC 20000-1:2011 requirements (Clauses 4-9). Evaluates 15 clause areas on a 0-5 maturity scale, documents gaps with remediation actions, and produces a prioritized remediation roadmap. Gap assessment validator ensures all clause areas are covered and findings are complete.

            ISO 20000 SMS Gap Assessment Audit IT Service Management
            Learn More
            ISO 27701 PIMS Internal Audit

            Plan and document a PIMS-specific internal audit. Covers audit planning, execution checklist, findings, nonconformities, and corrective actions focused on privacy controls and PII processing compliance.

              ISO 27701 Privacy Audit Internal Audit PIMS Compliance ISO 19011
              Learn More
              ISO 45001 Gap Assessment

              Perform a structured gap assessment against ISO 45001:2018 clauses 4-10. Scans for missing OHSMS documentation, rates clause maturity on a 0-5 scale, and produces a prioritized remediation roadmap for certification readiness.

                ISO 45001 OHSMS Gap Assessment Compliance Audit
                Learn More
                Maturity Level Assessor (COBIT MEA01)

                Draft maturity score justification (0–5) for COBIT objectives. Supports the board dashboard narrative. Includes evidence sufficiency audit for Level 4 claims.

                  COBIT MEA01 Maturity CMMI Performance Audit
                  Learn More
                  SOC 2 Audit Readiness Planner

                  Guided journey dashboard across all SOC 2 skills. Detects which skills have produced their expected outputs, shows progress across 4 phases (Foundation, Assessment, Documentation, Validation), and recommends the next step.

                    Compliance Security SOC 2 Audit Planning Dashboard
                    Learn More
                    SOC 2 Control Narrative Author

                    Guided elaboration of SOC 2 readiness documentation: control narratives aligned to AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy), control-objective mapping, and evidence placeholders for Type I/II audit.

                      SOC 2 AICPA Trust Services Criteria Compliance Audit Cybersecurity
                      Learn More
                      SOC 2 Internal Audit

                      Conduct an internal readiness audit for SOC 2 certification. Tests controls per TSC criteria, classifies findings by AICPA severity (Material Weakness, Significant Deficiency, Deficiency, Observation), organizes evidence for auditor handoff, tracks management responses, and produces a readiness assessment. The capstone skill that determines whether the organization is ready to engage an external auditor.

                        Compliance Security SOC 2 Audit AICPA Internal Audit GRC
                        Learn More
                        SOC 2 Monitoring & Testing

                        Build an ongoing monitoring and testing program for SOC 2 audit readiness. Creates a control testing plan with method, frequency, and tester assignments; an evidence collection matrix mapping controls to TSC criteria; and an exception tracker with root cause analysis and remediation. Validates testing coverage, evidence strength, and exception management.

                          Compliance Security SOC 2 Audit AICPA Trust Services Criteria Testing
                          Learn More
                          SOC 2 Organization Profile

                          Build and validate the organizational context profile for SOC 2 audit readiness. Captures principal service commitments, system requirements (SCSR), trust services categories, system boundaries, subservice organizations (carved-out/inclusive), and complementary user entity controls (CUECs). Boundary validator checks scope completeness; CUEC mapper validates controls are specific, actionable, and TSC-aligned.

                            Compliance Security SOC 2 Audit AICPA Trust Services Criteria GRC
                            Learn More
                            SOC 2 Policy Generator

                            Generate Trust Services Criteria-aligned policy documents for SOC 2 audit readiness. Produces 8 core policies (Information Security, Access Control, Change Management, Incident Response, Risk Assessment, Vendor Management, Business Continuity, Data Classification) plus optional Privacy and Processing Integrity policies — each tailored to organizational context with TSC criteria mapping, named roles, and specific systems.

                              Compliance Security SOC 2 Audit AICPA Trust Services Criteria Policy
                              Learn More
                              SOC 2 Policy Review

                              Interactive statement-by-statement review of SOC 2 policy documents. Walks through each policy statement with approve, reject, or AI rewrite options. Produces a timestamped audit trail that satisfies SOC 2 evidence requirements.

                                Compliance Security SOC 2 Audit Policy Review
                                Learn More
                                SOC 2 Readiness Gap Analysis

                                Map internal controls against AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy). Identifies unmapped criteria, validates evidence artifacts and tests of effectiveness, and produces a prioritized remediation roadmap for SOC 2 Type I or Type II audit readiness.

                                  Compliance SOC 2 AICPA Audit Security
                                  Learn More
                                  SOC 2 System Description & Management Assertion

                                  Draft the SOC 2 system description narrative (Section III) and management assertion letter per AICPA Trust Services Criteria (TSP Section 100) and DC Section 200 description criteria. Covers system boundaries, components, SCSR, subservice organizations (carved-out and inclusive methods), CUECs, CSOCs, control environment mapped to CC1–CC9, and trust services scope validation.

                                    Compliance Security SOC 2 Audit AICPA Trust Services Criteria
                                    Learn More
                                    SOC 2 Vendor Management

                                    Establish third-party and subservice organization oversight for SOC 2 audit readiness. Risk-tiered assessment framework with vendor register, SOC report review validation, CSOCs validation, and tiered security requirements per CC9.2. Covers vendor risk scoring, SOC report currency checks, and bridge letter tracking.

                                      Compliance Security SOC 2 Audit AICPA Vendor Management GRC
                                      Learn More
                                      SOX Section 404 — Internal Control over Financial Reporting Narrative

                                      Draft and validate management's assessment of Internal Control over Financial Reporting (ICFR) per SOX §404, aligned to the COSO 2013 framework and PCAOB AS 2201. Produces process narratives, risk-control matrices (RCMs), and control descriptions for each significant account and business process.

                                        Compliance SOX ICFR COSO PCAOB Audit Internal Controls
                                        Learn More

                                        Ready to let your expertise drive the workflow?

                                        Stop wrestling with rigid templates and generic chatbots. Describe your process, let the agent handle the rest.

                                        Get Started Free — No Sign-Up