# Create an Audit (Plans 1 and 2)

### Prerequisites

Before you begin:

* You must have the **Admin** role in Sprinto.
* Your compliance framework should be connected if you're creating an integrated audit.
* Relevant zones and integrations should already be configured.

***

### Create an Audit

 These audits are pre-configured audits tied to a compliance framework (e.g. SOC 2, ISO 27001). These audits automatically map framework requirements to Sprinto’s control set.

#### Steps:

1. **Navigate to** **Audits** from the left navigation menu.
2. **Click** **Plan new audit.**
3. **Fill in audit details** in the "Plan an audit" screen:
   * **Zone**: Select the operational zone the audit applies to (e.g. Pacific).
   * **Audit Type**: Choose **External** or **Internal**, depending on whether it’s conducted by an external auditor.
   * **Framework**: Select the applicable compliance framework (e.g. SOC 2).
   * **Standards for the framework**: Choose one or more control categories (e.g. Security, Confidentiality).

{% hint style="info" %}
Once the audit is created, the framework cannot be changed.
{% endhint %}

<figure><img src="/files/Ly37Oj4X1JUlx5ngPB3Q" alt="" width="246"><figcaption></figcaption></figure>

4. **Set the evidence collection period**:
   * Select an **evidence collection start date** using the calendar picker.
   * Choose the **duration** (12, 6, or 3 months), or select **Custom** to define your own period.
   * The **end date** will automatically adjust based on your selection, and can be modified if needed.

<figure><img src="/files/kFLGnWzgND3pP313UcVo" alt="" width="350"><figcaption></figcaption></figure>

5. **Click “Start Audit”** to generate the audit and proceed to the requirement mapping stage.

<figure><img src="/files/5E4XpQGyXQqPXpogJH3d" alt="Custom Audit Drawer" width="246"><figcaption></figcaption></figure>

***

### Add Your Audit Requirements

After you create your audit, you’ll land on the **Summary** page. At this stage, no requirements are linked to your audit.

To begin defining the scope of what the audit will cover, you must add audit requirements.

#### To Add Audit Requirements

1. On the **Summary** page, locate the **Requirements** panel.
2. Select **Add**.

<figure><img src="/files/9W8oa2PrgD2xh3dEjJOQ" alt="" width="246"><figcaption></figcaption></figure>

3. In the side drawer, choose one of the following methods:

#### Upload Your Requirements

Use this method to upload your own list of audit requirements using a CSV file.

**To Upload a CSV File**

1. In the drawer, select **Upload your requirements**.
2. Click Download CSV template to download the template.
3. Fill in the required details and upload the file into the uploader.

<figure><img src="/files/3NDiiDpgYTgJLfI24z6D" alt="" width="563"><figcaption></figcaption></figure>

3. Review the uploaded requirements.
   * Sprinto displays a preview of the parsed file.
   * Any issues, such as missing fields or formatting errors, are shown with inline guidance.

<figure><img src="/files/Wz5lcJCV62luTOXFgLGB" alt="" width="563"><figcaption></figcaption></figure>

4. Make necessary corrections if validation errors appear.
5. Select **Save** to confirm and import your requirements.

{% hint style="info" %}
You can upload additional files later or delete and re-upload files as needed.
{% endhint %}

<figure><img src="/files/4zByOEc4YjwjYCnHwc0C" alt="" width="368"><figcaption></figcaption></figure>

***

#### Add Requirements by Framework Criteria

Use this method to select specific requirements from a compliance framework (for example, SOC 2 or ISO 27001).

**To Add Framework-Based Requirements**

1. In the drawer, select **By framework criteria**.
2. Choose a framework and the applicable standards (such as Security or Confidentiality).

<figure><img src="/files/Q4o0IzniEbZz2uEmPrW3" alt="" width="563"><figcaption></figcaption></figure>

3. Use the search or scroll to locate the relevant criteria.
4. Select the checkboxes next to the requirements you want to include.
5. Select **Save** to confirm.

{% hint style="info" %}
Sprinto auto-populates framework-based requirements with instructions and metadata, where available.
{% endhint %}

<figure><img src="/files/0MCGalr5NwOjHbWaHHWI" alt="" width="563"><figcaption></figcaption></figure>

***

#### Add Requirements by Controls

Use this method to convert existing controls into audit requirements.

**To Use Existing Controls**

1. In the drawer, select **By controls**.
2. Choose a framework to filter available controls.

<figure><img src="/files/aktmrIs3ON61spWx6bVo" alt="" width="563"><figcaption></figcaption></figure>

3. Tick the checkboxes next to the controls you want to convert.
4. Select **Add** to confirm.
5. Your selected controls are added as audit requirements with mapped descriptions.

{% hint style="info" %}
This method works best if your controls are already configured in Sprinto.
{% endhint %}

<figure><img src="/files/HBfTen5RiAofwwn1nd7K" alt="" width="563"><figcaption></figcaption></figure>

### What’s Next?

After creating the audit:

* Monitor completion status via the Audit Dashboard.
* Share access securely with auditors when you're ready.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/audits/dashboard-actions/create-an-audit-plans-1-and-2.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.