Skill

finding-generator

Generates professional audit findings in Condition-Criteria-Cause-Effect (CCCE) format with severity levels, management letter comments, remediation recommendations, and risk assessments.

security

documentation

Install

npx claudepluginhub grcengclub/claude-grc-engineering --plugin grc-auditor

Tool Access

This skill is limited to using the following tools:

ReadWrite

Preview

Creates professional audit findings and management letter comments.

SKILL.md

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

139.0k

claude-opus-4-5-migration

2 files

Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.

claude-opus-4-5-migration

83.2k

bmad-help

Analyzes BMad project state from catalog CSV, configs, artifacts, and query to recommend next skills or answer questions. Useful for help requests, 'what next', or starting BMad.

bmad-pro-skills

43.8k

Stats

Parent Repo Stars21

Parent Repo Forks4

Last CommitApr 13, 2026

Actions

View Source View Plugin View on GitHub View README

Finding Generator

Creates professional audit findings and management letter comments.

Capabilities

Finding Documentation: Structures findings per professional standards
Root Cause Analysis: Identifies underlying causes of deficiencies
Risk Assessment: Evaluates finding severity and impact
Remediation Guidance: Provides actionable recommendations

Finding Format (CCCE)

Condition: What was found (the deficiency)
Criteria: What should be (the standard/requirement)
Cause: Why it happened (root cause)
Effect: What could result (risk/impact)

Finding Severity Levels

High: Material weakness, significant deficiency
Medium: Control deficiency with moderate risk
Low: Opportunity for improvement

Output Formats

Formal audit findings with management response sections
Management letter comments
Gap analysis reports
Remediation tracking worksheets

Example Usage

When documenting an access control finding:

Condition: 3 of 25 terminated users retained access for >30 days
Criteria: Policy requires access removal within 24 hours
Cause: Manual termination process lacks HR integration
Effect: Risk of unauthorized access to sensitive data