An internal audit serves as a structured review process to evaluate the effectiveness of your organisation’s information security controls, risk management, and compliance practices. Conducting internal audits periodically ensures that gaps are identified early and that your compliance posture remains strong before external audits.
Sprinto’s workflow check helps you track, document, and provide evidence of your Internal Audit activity. The collected evidence is later used during compliance audits across frameworks such as ISO 27001, SOC 2, and GDPR.
Ensure that you:
Have administrative access to your Sprinto account.
Know the frequency at which internal audits are to be performed (e.g., quarterly, annually).
Have access to internal audit reports or summary findings that can be uploaded as evidence.
Log in to your Sprinto account as an Administrator.
Navigate to Data Library → Workflow Checks.
Click Create Check → Add from template.
Locate Internal Audit should be conducted periodically from the checklist and click Enable.
On the Add Workflow Check page, click Edit to:
Set the desired frequency (default: every 12 months).
Assign responsible personnel and reviewers.
Click Add check.
Once enabled, the check status will appear as Due, Critical, or Failing until evidence is uploaded.
Here's a short video on how to resolve this workflow check.
Log in to the Sprinto Admin Portal.
Go to Data Library → Workflow Checks.
Select the Internal Audit should be conducted periodically check.
Click Upload evidence.
Enter the Evidence Record Date, then choose how to upload:
File: Upload the audit report or summary file directly.
Link: Provide a link to the internal audit documentation stored securely online.
Click Finish.
The check will automatically update to Passing once the evidence is verified.
You can provide one or more of the following:
Internal audit report or summary.
Evidence of meeting minutes or corrective actions.
Screenshots of the audit management tool or tracker showing completed audit status.
The default frequency is annual, but you can adjust it to quarterly or bi-annual depending on your compliance requirements.
Last updated
