Audit Prep Assistant

Streamline audit preparation with automated assistant integration tools

Audit Prep Assistant is a community skill for preparing organizations for compliance audits, covering evidence collection automation, control mapping, gap analysis, document generation, and readiness assessment for frameworks like SOC 2, ISO 27001, and HIPAA.

What Is This?

Overview

Audit Prep Assistant provides patterns for automating audit preparation workflows. Evidence collection gathers documentation, configurations, and access logs from systems to satisfy audit control requirements. Control mapping links organizational policies to specific framework requirements across SOC 2, ISO 27001, and HIPAA. Gap analysis identifies missing controls and insufficient evidence before the audit begins. Document generation creates policy documents, procedure descriptions, and evidence summaries. Readiness assessment scores organizational preparedness across control categories. Together these let compliance teams prepare systematically for audits.

Who Should Use This

This skill serves compliance officers managing audit preparation timelines and deliverables, engineering teams providing technical evidence for security controls, and startups preparing for their first SOC 2 or ISO 27001 certification.

Why Use It?

Problems It Solves

Gathering audit evidence manually from multiple systems is time-consuming and error-prone. Mapping control requirements across frameworks requires deep knowledge of each standard. Evidence gaps discovered only during the audit cause delays and findings. Policy documents become outdated when they are not linked to actual system configurations.

Core Highlights

Evidence collector automates gathering of system configurations, access reviews, and change logs. Control mapper links evidence to specific audit framework requirements. Gap analyzer identifies missing evidence and weak controls before auditor review. Document generator creates audit-ready policy and procedure documentation.

How to Use It?

Basic Usage

from dataclasses import dataclass, field
from enum import Enum


class Framework(Enum):
    SOC2 = 'soc2'
    ISO27001 = 'iso27001'
    HIPAA = 'hipaa'


@dataclass
class Control:
    id: str
    name: str
    framework: Framework
    evidence_types: list[str]  # kinds of evidence the control requires
    status: str = 'pending'


@dataclass
class AuditPrep:
    framework: Framework
    controls: list[Control] = field(default_factory=list)
    # control id -> evidence items collected so far
    evidence: dict[str, list[str]] = field(default_factory=dict)

    def assess_readiness(self) -> dict:
        total = len(self.controls)
        # A control counts as covered once it has at least as many evidence
        # items as it requires.
        covered = sum(
            1 for c in self.controls
            if c.id in self.evidence
            and len(self.evidence[c.id]) >= len(c.evidence_types))
        gaps = [
            c for c in self.controls
            if c.id not in self.evidence
            or len(self.evidence.get(c.id, [])) < len(c.evidence_types)]

        return {
            'score': round(covered / total * 100) if total else 0,
            'total': total,
            'covered': covered,
            'gaps': [{
                'control': g.id,
                'name': g.name,
                # evidence types the control needs that are not yet on file
                'missing': list(set(g.evidence_types)
                                - set(self.evidence.get(g.id, []))),
            } for g in gaps],
        }

Real-World Examples

import json
import subprocess
from datetime import datetime, timezone


class EvidenceCollector:
    def __init__(self):
        self.evidence = []

    def collect_aws_config(self) -> dict:
        # MFA enforcement: account-level counts from IAM
        mfa = json.loads(subprocess.check_output(
            ['aws', 'iam', 'get-account-summary'], text=True))

        # Encryption at rest: enumerate buckets (per-bucket encryption
        # settings need a separate call per bucket)
        buckets = json.loads(subprocess.check_output(
            ['aws', 's3api', 'list-buckets'], text=True))

        evidence = {
            'type': 'aws_config',
            'timestamp': datetime.now(timezone.utc).isoformat(),
            'mfa_summary': mfa.get('SummaryMap', {}),
            'bucket_count': len(buckets.get('Buckets', [])),
        }
        self.evidence.append(evidence)
        return evidence

    def generate_report(self) -> dict:
        return {
            'collected_at': datetime.now(timezone.utc).isoformat(),
            'evidence_count': len(self.evidence),
            'items': self.evidence,
        }
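
The collector above stores raw CLI output; an auditor also wants a verdict per check together with the raw values behind it. The following is an added example, not code from the skill, that turns constructed samples of `aws iam get-account-summary` and `aws s3api get-bucket-encryption` output into pass/fail evidence records. The control ids `ACCESS-MFA` and `DATA-ENC-REST` are hypothetical internal labels, and the sample JSON is constructed, not captured from a real account.

```python
import json
from datetime import datetime, timezone
from typing import Optional

# Constructed sample of `aws iam get-account-summary` output (not a real account).
SAMPLE_ACCOUNT_SUMMARY = json.loads('''
{"SummaryMap": {"AccountMFAEnabled": 1, "Users": 12,
                "MFADevicesInUse": 9, "AccountAccessKeysPresent": 0}}
''')

# Constructed samples of per-bucket `aws s3api get-bucket-encryption` output.
# None stands for the call failing because no default encryption is configured.
SAMPLE_BUCKET_ENCRYPTION = {
    'audit-logs': {'ServerSideEncryptionConfiguration': {'Rules': [
        {'ApplyServerSideEncryptionByDefault': {
            'SSEAlgorithm': 'aws:kms', 'KMSMasterKeyID': 'EXAMPLE-KEY-ID'}}]}},
    'scratch-uploads': None,
}

# Hypothetical internal control ids; map them to framework references separately.
MFA_CONTROL = 'ACCESS-MFA'
ENCRYPTION_CONTROL = 'DATA-ENC-REST'


def _record(control: str, check: str, passed: bool, raw: dict) -> dict:
    """Evidence record: verdict plus the raw values an auditor can re-check."""
    return {
        'control': control,
        'check': check,
        'result': 'pass' if passed else 'fail',
        'raw': raw,
        'collected': datetime.now(timezone.utc).isoformat(),
    }


def evaluate_account_mfa(summary_map: dict) -> list[dict]:
    """Two checks from the IAM account summary: root MFA and user MFA coverage."""
    root_enabled = summary_map.get('AccountMFAEnabled') == 1
    users = summary_map.get('Users', 0)
    devices = summary_map.get('MFADevicesInUse', 0)
    # The summary only gives counts; per-user detail needs the IAM credential
    # report. Fewer devices than users is treated as a coverage gap.
    coverage_ok = users == 0 or devices >= users
    return [
        _record(MFA_CONTROL, 'root_mfa_enabled', root_enabled,
                {'AccountMFAEnabled': summary_map.get('AccountMFAEnabled')}),
        _record(MFA_CONTROL, 'user_mfa_coverage', coverage_ok,
                {'Users': users, 'MFADevicesInUse': devices}),
    ]


def evaluate_bucket_encryption(bucket: str, config: Optional[dict]) -> dict:
    """Default encryption must be configured with a recognised SSE algorithm."""
    rules = (config or {}).get('ServerSideEncryptionConfiguration', {}).get('Rules', [])
    algorithms = [r.get('ApplyServerSideEncryptionByDefault', {}).get('SSEAlgorithm')
                  for r in rules]
    passed = any(a in ('AES256', 'aws:kms', 'aws:kms:dsse') for a in algorithms)
    return _record(ENCRYPTION_CONTROL, f'bucket_default_encryption:{bucket}',
                   passed, {'bucket': bucket, 'algorithms': algorithms})


def collect_samples() -> list[dict]:
    """Run every check over the constructed samples; real use feeds CLI output."""
    records = evaluate_account_mfa(SAMPLE_ACCOUNT_SUMMARY['SummaryMap'])
    for bucket, config in SAMPLE_BUCKET_ENCRYPTION.items():
        records.append(evaluate_bucket_encryption(bucket, config))
    return records


def failing(records: list[dict]) -> list[str]:
    """Checks that would land on the gap list."""
    return [r['check'] for r in records if r['result'] == 'fail']


if __name__ == '__main__':
    print(json.dumps(collect_samples(), indent=2))
```

Keeping the raw fields in each record matters more than the verdict: the verdict tells the team where to remediate, but the raw value is what the auditor re-checks against the live system.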

Advanced Tips

Map controls across multiple frameworks simultaneously to reuse evidence for overlapping requirements between SOC 2 and ISO 27001. Schedule automated evidence collection to run monthly so evidence stays current for continuous compliance. Use version-controlled policy documents linked to the controls they satisfy for traceability.
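
The tips above (reuse evidence across overlapping SOC 2 and ISO 27001 requirements, keep evidence current through scheduled collection) and the later recommendation not to rely on stale evidence or assume one framework satisfies another can be implemented with a small crosswalk. The following is an added example, not code from the skill: a hypothetical internal-control crosswalk with a constructed evidence log, a staleness window, and per-framework coverage where a framework reference counts only when every internal control behind it has current evidence. The framework references in `CROSSWALK` are illustrative and should be verified against the current framework text before use.

```python
from datetime import date, timedelta

# Illustrative crosswalk from hypothetical internal control ids to framework
# references. The references are examples for the pattern only; verify each
# against the current framework text before using it in an audit.
CROSSWALK = {
    'ACCESS-MFA': {'soc2': ['CC6.1'], 'iso27001': ['A.5.15', 'A.8.5'],
                   'hipaa': ['164.312(d)']},
    'LOG-RETENTION': {'soc2': ['CC7.2'], 'iso27001': ['A.8.15']},
    'DATA-ENC-REST': {'soc2': ['CC6.1'], 'iso27001': ['A.8.24'],
                      'hipaa': ['164.312(a)(2)(iv)']},
}

# Constructed evidence log, one row per collection run (not real data).
SAMPLE_EVIDENCE = [
    {'control': 'ACCESS-MFA', 'source': 'aws iam get-account-summary',
     'collected': date(2024, 5, 20)},
    {'control': 'ACCESS-MFA', 'source': 'idp mfa policy export',
     'collected': date(2024, 2, 1)},
    {'control': 'LOG-RETENTION', 'source': 'cloudtrail trail config',
     'collected': date(2024, 1, 10)},
]
AS_OF = date(2024, 6, 1)


def controls_for(frameworks) -> set:
    """Internal controls that at least one target framework requires."""
    return {cid for cid, refs in CROSSWALK.items()
            if any(fw in refs for fw in frameworks)}


def reusable_controls(frameworks) -> list:
    """Controls whose evidence serves more than one of the target frameworks."""
    return sorted(cid for cid, refs in CROSSWALK.items()
                  if sum(1 for fw in frameworks if fw in refs) > 1)


def evidence_status(evidence, as_of, max_age_days=90) -> dict:
    """Newest evidence per control, classified as current, stale or missing.

    Stale means the last collection is older than max_age_days; with monthly
    collection runs a 90-day window tolerates a missed run or two.
    """
    newest = {}
    for item in evidence:
        cid = item['control']
        if cid not in newest or item['collected'] > newest[cid]:
            newest[cid] = item['collected']
    cutoff = as_of - timedelta(days=max_age_days)
    status = {}
    for cid in CROSSWALK:
        if cid not in newest:
            status[cid] = 'missing'
        elif newest[cid] < cutoff:
            status[cid] = 'stale'
        else:
            status[cid] = 'current'
    return status


def framework_coverage(status, frameworks) -> dict:
    """Per framework: references satisfied and references still open.

    A reference is satisfied only when every internal control mapped to it
    has current evidence; stale or missing evidence leaves it open.
    """
    coverage = {}
    for fw in frameworks:
        needed = {}  # framework reference -> internal controls behind it
        for cid, refs in CROSSWALK.items():
            for ref in refs.get(fw, []):
                needed.setdefault(ref, []).append(cid)
        satisfied = sorted(ref for ref, cids in needed.items()
                           if all(status[c] == 'current' for c in cids))
        coverage[fw] = {
            'satisfied': satisfied,
            'open': {ref: sorted({status[c] for c in cids if status[c] != 'current'})
                     for ref, cids in needed.items() if ref not in satisfied},
        }
    return coverage


if __name__ == '__main__':
    targets = ['soc2', 'iso27001']
    status = evidence_status(SAMPLE_EVIDENCE, AS_OF)
    print('reusable across targets:', reusable_controls(targets))
    print('status:', status)
    print('coverage:', framework_coverage(status, targets))
```

The "all controls current" rule is deliberately strict: one shared reference such as SOC 2 CC6.1 may sit behind several internal controls, and current evidence for one of them says nothing about the others.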

When to Use It?

Use Cases

Prepare for a SOC 2 Type II audit by mapping controls and collecting evidence from AWS and GitHub. Run a gap analysis before an ISO 27001 certification audit to prioritize remediation. Automate monthly evidence collection for continuous compliance monitoring.

Related Topics

Compliance auditing, SOC 2, ISO 27001, evidence collection, and security controls.

Important Notes

Requirements

Access to system configurations and logs for evidence collection. Framework control requirements for the target audit standard. Document management system for organizing evidence and policies.

Usage Recommendations

Do: start evidence collection at least three months before a scheduled audit. Map each control to specific evidence types and verify completeness regularly. Automate repeatable evidence gathering to reduce preparation burden.

Don't: wait until the audit begins to identify evidence gaps; reuse stale evidence from previous periods without refreshing it against current configurations; or assume that passing one framework automatically satisfies another without explicit control mapping.

Limitations

Automated evidence collection cannot replace auditor judgment on control effectiveness. Some controls require manual evidence like training records and policy acknowledgments. Gap analysis identifies missing evidence but cannot assess whether existing controls are operating effectively.