Skill

finding-generator

Generates professional audit findings in Condition-Criteria-Cause-Effect (CCCE) format with severity levels, management letter comments, remediation recommendations, and risk assessments.

security

documentation

npx claudepluginhub grcengclub/claude-grc-engineering --plugin grc-auditor

Popularity

Parent stars

256

Parent forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/grc-auditor:finding-generator

User invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

ReadWrite

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Creates professional audit findings and management letter comments.

SKILL.md

45 lines · ~368 tokens

Similar Skills

audit-remediation-program

Guides privacy audit findings remediation: prioritizes by severity (critical, high, medium, low), assigns owners, tracks deadlines, verifies fixes, applies closure criteria, and escalates overdue items.

4 files

privacy-skills-complete

finding

Guides writing structured security findings with title conventions, sections, and severity classification. Helps format standalone vulnerability reports.

8 files

grimoire

audit

Activate for: audit, audit preparation, audit pack, internal audit, external audit, regulatory audit, supervisory visit, audit evidence, audit trail, audit readiness, mock audit, audit findings, audit response, audit remediation, audit committee, board audit, annual audit, ISO audit, surveillance audit, certification audit, regulator visit, FCA visit, BSI audit, PCI audit, SOC 2 audit, audit questionnaire, evidence inventory. NOT for: compliance obligation mapping (use official compliance-tracking auto-skill), vendor evaluation (use official /vendor-review), risk register building (use official risk-assessment auto-skill).

2 files

operations-intelligence

Stats

LanguageJavaScript

Parent stars256

Parent forks49

MaintenanceGood

Last CommitApr 13, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Finding Generator

Creates professional audit findings and management letter comments.

Capabilities

Finding Documentation: Structures findings per professional standards

Root Cause Analysis: Identifies underlying causes of deficiencies

Risk Assessment: Evaluates finding severity and impact

Remediation Guidance: Provides actionable recommendations

Finding Format (CCCE)

Condition: What was found (the deficiency)

Criteria: What should be (the standard/requirement)

Cause: Why it happened (root cause)

Effect: What could result (risk/impact)

Finding Severity Levels

High: Material weakness, significant deficiency

Medium: Control deficiency with moderate risk

Low: Opportunity for improvement

Output Formats

Formal audit findings with management response sections

Management letter comments

Gap analysis reports

Remediation tracking worksheets

Example Usage

When documenting an access control finding:

Condition: 3 of 25 terminated users retained access for >30 days

Criteria: Policy requires access removal within 24 hours

Cause: Manual termination process lacks HR integration

Effect: Risk of unauthorized access to sensitive data