Recipe: Audit Prep Agent

The Audit Prep Agent reduces weeks of audit preparation to hours by automatically gathering evidence, mapping controls to supporting documents, and flagging gaps.

What it does

Evidence gathering — locates and organizes supporting documents for each control
Control mapping — matches your control framework (SOC 2, SOX, custom) to available evidence
Gap detection — identifies controls without sufficient documentation or with stale evidence
Auditor packet assembly — generates organized evidence packages by control area

Required connections

Source	What it provides
Google Drive / SharePoint	Policy documents, evidence files
Vanta / Drata (optional)	Control framework, existing mappings
Slack	Approval threads, decision context
Accounting system	Financial controls evidence

Example interactions

You: How ready are we for the SOC 2 audit next month?

Agent: Coverage: 34/41 controls have current evidence. 7 gaps:

CC6.1 (Logical access) — last access review doc is from January (stale, need quarterly)

CC7.2 (Monitoring) — no evidence of alert review process

CC8.1 (Change management) — 3 PRs merged without approval in April …

Recommendation: prioritize CC6.1 (quick fix — run access review this week) and CC8.1 (need retroactive approval documentation).

You: Generate the evidence packet for CC6.1

Agent: Evidence packet for CC6.1 (Logical and Physical Access Controls):

Access review spreadsheet (Jan 2025) [Google Sheets link]

IAM policy document v2.3 [Drive link]

Okta access logs export (May 2025) [generated]

GAP: No Q2 access review completed. Template ready — assign to @ops-lead?

Permissions

Role	Access
Compliance Admin	Full — all evidence, can trigger evidence generation
Compliance Member	Read — view coverage status, ask questions
Auditor (Guest)	Read-only — view assembled evidence packets, no raw source access

Deploy

Go to Recipes → Audit Prep Agent → Deploy. Connect sources and select your control framework. The agent indexes existing evidence on first sync.