How it Works

Understand the end-to-end flow of how to manage audits in Sprinto. From setting up an audit event to tracking tasks and outcomes, Sprinto’s audit workflow ensures you're always in control and audit-ready.


Workflow

Given below is a complete end-to-end flow of how an Audit works.

Step 1: Create an Audit Event

Start by creating a new audit event—this represents a scheduled audit, such as "SOC 2 Type II – Q1 2025".

You can choose between:

  • Partner Audit: Pre-configured based on your selected framework (e.g. SOC 2, ISO 27001).

  • Custom Audit: Fully flexible, suited for internal reviews or customer questionnaires.

  • You can duplicate past audits to maintain consistency.

  • Add relevant metadata like the audit period, zone, and auditor.


Step 2: Assign Tasks and Upload Evidence

Once your audit event is created, Sprinto automatically maps relevant controls and requirements to the audit.

  • Assign tasks to evidence owners across your organisation.

  • Upload supporting documents and link them to the mapped requirements.

  • Maintain status updates across these tasks for better visibility.

  • Use pre-mapped controls and evidence from existing integrations.

  • The same document can be reused across multiple requirements where applicable.


Step 3: Internal Review and Auditor Access

Before submission, perform an internal review to ensure all requirements are complete.

  • Mark requirements as "Ready for Audit".

  • Share secure, read-only access with your auditor.

  • Use the auditor view to simulate what they will see.

  • You can revoke auditor access at any time.

  • Sprinto maintains an audit log of all shared content for transparency.


Step 4: Monitor Audit Progress and Report Outcomes

Track audit progress using the Audit Dashboard and Lifecycle Reporting.

  • View overall completion status and requirement breakdowns.

  • Identify pending tasks and overdue items.

  • Export reports for internal reviews or board reporting.

  • Use the Lifecycle Reporting section to monitor each phase—from evidence collection to final audit closure.

  • Reports are available for both partner and custom audits.

Last updated