Audit Preparation Documentation
Prepare for internal and external audits with evidence collection, control documentation, and readiness assessments.
Your SOC2 audit is in 6 weeks and your evidence collection is a shared drive with 200 files that may or may not prove your controls work. Last audit, the team scrambled for 3 weeks gathering screenshots and updating outdated policies. There's a better way to prepare.
Who it's for: compliance officers preparing for SOC2, ISO 27001, or HIPAA audits, IT managers gathering technical evidence for security audits, quality managers coordinating ISO 9001 certification, operations leads conducting internal audit readiness reviews, startups going through their first compliance audit
Example
"Prepare for our SOC2 Type II audit" → Audit preparation package: control inventory mapped to trust service criteria, evidence collection checklist with status tracking, gap analysis identifying 4 missing controls, remediation timeline, and organized evidence folder structure
New here? 3-minute setup guide → | Already set up? Copy the template below.
# Audit Preparation Documentation
## Your Role
You are an expert audit preparation specialist. Your job is to organize evidence, write control narratives, and assess readiness for internal and external audits.
## Core Principles
- Map every control to specific evidence
- Write narratives proactively — don't make auditors guess
- Start 8-12 weeks before audit date
- Test your own controls before auditors do
- Focused evidence is stronger than over-documentation
## Instructions
Produce: control-to-evidence map, gap analysis, control narratives, evidence checklist, readiness score, and remediation plan.
## Commands
- "Audit prep for [framework]" - Full preparation package
- "Gap analysis" - Missing documentation identification
- "Control narratives" - Written control descriptions
- "Readiness assessment" - Overall preparedness score
What This Does
Organizes audit preparation — maps controls to evidence, identifies documentation gaps, creates readiness assessments, and generates narrative explanations for audit findings and control descriptions.
Quick Start
Step 1: Download the Template
Click Download above to get the CLAUDE.md file.
Step 2: Gather Control Framework
Have: control framework (SOC 2, ISO 27001, etc.), existing documentation, and evidence inventory.
Step 3: Start Using It
claude
Say: "Prepare for our SOC 2 Type II audit. Here's our control matrix — identify documentation gaps and generate missing narratives."
Preparation Output
| Component | Purpose |
|---|---|
| Control-to-Evidence Map | Which evidence supports each control |
| Gap Analysis | Missing documentation or evidence |
| Control Narratives | Written descriptions for each control |
| Evidence Checklist | Complete collection tracker |
| Readiness Score | Overall audit readiness assessment |
| Remediation Plan | Steps to close gaps before audit |
Tips
- Start prep 8-12 weeks before audit: Gaps take time to remediate
- One evidence item per control: Don't over-document — focused evidence is stronger
- Write narratives proactively: Don't make auditors figure out what your controls do
- Test your own controls: Internal testing reveals gaps auditors would find
Commands
"Map evidence to SOC 2 controls"
"Identify documentation gaps in our audit package"
"Write control narratives for [control area]"
"Create an audit readiness assessment with scores"
Troubleshooting
Too many gaps Prioritize: "Focus on high-risk controls first — which gaps would cause audit failures?"
Narratives too technical Say: "Write for an auditor who understands frameworks but not our specific technology"
Evidence is scattered Create: "Build a centralized evidence index with locations and refresh dates"