# Create an Audit (Plans 3 and 4)

Sprinto enables you to create and manage both **integrated** and **custom** audits from a unified interface. This guide walks you through the steps required to set up each type of audit.

***

### Prerequisites

Before you begin:

* You must have the **Admin** role in Sprinto.
* Your compliance framework should be connected if you're creating an integrated audit.
* Relevant zones and integrations should already be configured.

***

### Create a Partner Audit

Integrated audits are pre-configured audits tied to a compliance framework (e.g. SOC 2, ISO 27001). These audits automatically map framework requirements to Sprinto’s control set.

#### Steps:

1. **Navigate to** **Audits** from the left navigation menu.
2. **Click** **Plan new audit** and select **Partner Audit**.

<figure><img src="/files/aWwtrYbTj5kagSJwrH0Y" alt="Audit Type Selection" width="246"><figcaption></figcaption></figure>

3. **Fill in audit details** in the "Plan an audit" screen:
   * **Zone**: Select the operational zone the audit applies to (e.g. Pacific).
   * **Audit Type**: Choose **External** or **Internal**, depending on whether it’s conducted by an external auditor.
   * **Framework**: Select the applicable compliance framework (e.g. SOC 2).
   * **Standards for the framework**: Choose one or more control categories (e.g. Security, Confidentiality).

{% hint style="warning" %}
&#x20;Once the audit is created, audit type and framework cannot be changed.
{% endhint %}

<figure><img src="/files/Ly37Oj4X1JUlx5ngPB3Q" alt="" width="246"><figcaption></figcaption></figure>

4. **Set the evidence collection period**:
   * Select an **evidence collection start date** using the calendar picker.
   * Choose the **duration** (12, 6, or 3 months), or select **Custom** to define your own period.
   * The **end date** will automatically adjust based on your selection, and can be modified if needed.

<figure><img src="/files/kFLGnWzgND3pP313UcVo" alt="" width="350"><figcaption></figcaption></figure>

5. **Click “Start Audit”** to generate the audit and proceed to the requirement mapping stage.

***

### Create a Custom Audit

Use custom audits in Sprinto to conduct internal reviews, respond to customer questionnaires, or manage non-framework-based assessments. This option allows you to define your own set of audit requirements from scratch.

#### Steps

1. **Go to** **Audits** from the left-hand navigation menu.
2. **Select** **Plan new audit** in the top-right corner.
3. In the audit type selection screen, **choose** **Custom audit**.

<figure><img src="/files/aWwtrYbTj5kagSJwrH0Y" alt="Audit Type Selection" width="246"><figcaption></figcaption></figure>

1. **Choose the audit type**:
   * Select **External** if the audit will be performed by an external auditor.
   * Select **Internal** if the audit will be conducted within your organisation.\
     The explanatory text will adjust automatically based on your selection.
2. **Select an auditor** (optional for internal audits):
   * Use the dropdown list to choose an existing auditor (for example, EY, Deloitte, or KPMG).
   * If the auditor is not listed, type the name and select **Add** to include them manually.
3. **Configure the evidence collection period**:
   * Select a **start date** for the evidence collection using the calendar picker.
   * Choose a **collection duration**—12 months, 6 months, 3 months, or select **Custom** to define your own range.
   * The **end date** will be calculated automatically and can be edited if needed.
4. **Select** **Start audit** to create the audit and proceed to the next step, where you can add or upload your audit requirements.

<figure><img src="/files/5E4XpQGyXQqPXpogJH3d" alt="Custom Audit Drawer" width="246"><figcaption></figcaption></figure>

***

### Add Your Audit Requirements

After you create your audit, you’ll land on the **Summary** page. At this stage, no requirements are linked to your audit.

To begin defining the scope of what the audit will cover, you must add audit requirements.

#### To Add Audit Requirements

1. On the **Summary** page, locate the **Requirements** panel.
2. Select **Add**.

<figure><img src="/files/9W8oa2PrgD2xh3dEjJOQ" alt="" width="246"><figcaption></figcaption></figure>

3. In the side drawer, choose one of the following methods:

#### Upload Your Requirements

Use this method to upload your own list of audit requirements using a CSV file.

**To Upload a CSV File**

1. In the drawer, select **Upload your requirements**.
2. Click Download CSV template to download the template.
3. Fill in the required details and upload the file into the uploader.

<figure><img src="/files/3NDiiDpgYTgJLfI24z6D" alt="" width="563"><figcaption></figcaption></figure>

3. Review the uploaded requirements.
   * Sprinto displays a preview of the parsed file.
   * Any issues, such as missing fields or formatting errors, are shown with inline guidance.

<figure><img src="/files/Wz5lcJCV62luTOXFgLGB" alt="" width="563"><figcaption></figcaption></figure>

4. Make necessary corrections if validation errors appear.
5. Select **Save** to confirm and import your requirements.

{% hint style="info" %}
You can upload additional files later or delete and re-upload files as needed.
{% endhint %}

<figure><img src="/files/4zByOEc4YjwjYCnHwc0C" alt="" width="368"><figcaption></figcaption></figure>

***

#### Add Requirements by Framework Criteria

Use this method to select specific requirements from a compliance framework (for example, SOC 2 or ISO 27001).

**To Add Framework-Based Requirements**

1. In the drawer, select **By framework criteria**.
2. Choose a framework and the applicable standards (such as Security or Confidentiality).

<figure><img src="/files/Q4o0IzniEbZz2uEmPrW3" alt="" width="563"><figcaption></figcaption></figure>

3. Use the search or scroll to locate the relevant criteria.
4. Select the checkboxes next to the requirements you want to include.
5. Select **Save** to confirm.

{% hint style="info" %}
Sprinto auto-populates framework-based requirements with instructions and metadata, where available.
{% endhint %}

<figure><img src="/files/0MCGalr5NwOjHbWaHHWI" alt="" width="563"><figcaption></figcaption></figure>

***

#### Add Requirements by Controls

Use this method to convert existing controls into audit requirements.

**To Use Existing Controls**

1. In the drawer, select **By controls**.
2. Choose a framework to filter available controls.

<figure><img src="/files/aktmrIs3ON61spWx6bVo" alt="" width="563"><figcaption></figcaption></figure>

3. Tick the checkboxes next to the controls you want to convert.
4. Select **Add** to confirm.
5. Your selected controls are added as audit requirements with mapped descriptions.

{% hint style="info" %}
This method works best if your controls are already configured in Sprinto.
{% endhint %}

<figure><img src="/files/HBfTen5RiAofwwn1nd7K" alt="" width="563"><figcaption></figcaption></figure>

### What’s Next?

After creating the audit:

* Monitor completion status via the Audit Dashboard.
* Share access securely with auditors when you're ready.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/audits/dashboard-actions/create-an-audit-plans-3-and-4.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.