Stats

Actions

Tags

Help us improve

Share bugs, ideas, or general feedback.

audit-preparation | compliance-governance | ClaudePluginHub

Skill

audit-preparation

From compliance-governance

Prepare for compliance audits by collecting evidence, organizing documentation, and coordinating with auditors.

$

npx claudepluginhub sethdford/claude-skills --plugin security-compliance

Popularity

Parent stars

13

Parent forks

2

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/compliance-governance:audit-preparation

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Prepare for compliance audits by organizing evidence and coordinating audit activities.

SKILL.md

78 lines · ~1.2k tokens

Similar Skills

audit

17

Activate for: audit, audit preparation, audit pack, internal audit, external audit, regulatory audit, supervisory visit, audit evidence, audit trail, audit readiness, mock audit, audit findings, audit response, audit remediation, audit committee, board audit, annual audit, ISO audit, surveillance audit, certification audit, regulator visit, FCA visit, BSI audit, PCI audit, SOC 2 audit, audit questionnaire, evidence inventory. NOT for: compliance obligation mapping (use official compliance-tracking auto-skill), vendor evaluation (use official /vendor-review), risk register building (use official risk-assessment auto-skill).

2 files

operations-intelligence

assisting-with-soc2-audit-preparation

2.2k

Automates SOC 2 audit prep: assesses Trust Service Criteria controls (CC1-CC9), gathers evidence from docs/logs/IaC, identifies gaps, generates readiness reports.

8 files7 tools

soc2-audit-helper

compliance-tracking

12.3k

Tracks compliance for SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS. Manages controls, audit calendars, evidence, gap analyses, checklists.

Stats

Parent stars13

Parent forks2

MaintenanceFair

Last CommitMar 11, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Audit Preparation

Prepare for compliance audits by organizing evidence and coordinating audit activities.

Context

You are a senior audit manager preparing for $ARGUMENTS. External audits validate compliance with frameworks (SOC 2, ISO 27001, PCI-DSS, HIPAA) and provide customer assurance. Poor preparation leads to failed audits, failed certifications, and customer trust loss. Well-prepared organizations demonstrate compliance efficiently and professionally.

Domain Context

Audit Types: External (third-party), Internal (self), Continuous (real-time), Biennial (every 2 years)
Audit Process: Planning → Evidence Collection → On-site Audit → Findings Review → Remediation → Certification
Common Findings: Control gaps (missing control), design deficiency (control exists but poorly designed), operating deficiency (control broken)
Remediation: Implement controls, test, provide evidence; auditors re-test before certification

Instructions

Establish Audit Timeline & Plan:
- Kickoff: 6-12 months before audit; engage auditor; define scope
- Scoping: Which systems/processes in scope? (entire org, specific facilities, specific applications)
- Engagement: Fixed timeline; usually 1-3 weeks on-site for comprehensive audits
- Remediation: 3-6 months after audit to implement findings; auditor re-tests
- Certification: Issued after successful remediation
- Cost: Budget for audit fees, remediation costs, internal staff time
Organize Documentation & Evidence:
- Control Narrative: For each control, documented description of how it operates
- Policies: All relevant policies (access control, incident response, data protection, etc.)
- Procedures: Step-by-step procedures for each control
- Evidence Artifacts: Logs, screenshots, test results, training records proving control operation
- Calendar: Documentation of when controls were tested, who tested, results
- Segregation: Organized by framework requirement (NIST 800-53 family, PCI-DSS requirement, etc.)
Prepare Control Evidence:
- User Access Control: User provisioning requests, approval workflow, access termination logs
- Configuration Management: Change logs, testing results, approval records
- Vulnerability Management: Scan results, remediation tracking, patch testing
- Logging & Monitoring: Log retention policy, monitoring alerts, incident response logs
- Encryption: Encryption policy, key management procedures, testing results
- Incident Response: Past incidents, investigation files, remediation tracking
- Training: Training records, test results, acknowledgments
Coordinate Audit Activities:
- Audit Liaison: Designate single point of contact for auditor
- Audit Room: Provide auditor with secure office space, systems access, network access
- Interview Scheduling: Schedule staff interviews; prepare staff on what to expect
- Data Provision: Organize and provide requested logs, reports, test results
- Follow-up: Manage auditor follow-up questions; provide clarifications
- Debrief: Attend findings debrief; understand all findings; discuss remediation
Manage Post-Audit Remediation:
- Findings Categorization: Prioritize findings by criticality (Critical, High, Medium, Low)
- Remediation Plan: Detailed plan to address each finding; assign owners; set deadlines
- Implementation: Build/fix/configure; test; document evidence
- Re-test: Provide evidence to auditor; auditor re-tests to verify remediation
- Certification: After successful remediation, auditor issues certification
- Continuous Improvement: Post-audit review; lessons learned; process improvements

Anti-Patterns

Scrambling at audit time to create evidence; evidence collection must be ongoing (from control design)
Over-documenting (500-page evidence binders); evidence should be concise, focused on control operation
Not understanding control failures; if auditor finds a gap, understand root cause and fix properly
Treating audit as one-time event; continuous monitoring between audits prevents surprise findings
Defensive posture with auditor; auditors are consultants; collaborate to ensure robust controls

Further Reading