Finding Generator

Creates professional audit findings and management letter comments.

Capabilities

• Finding Documentation: Structures findings per professional standards
• Root Cause Analysis: Identifies underlying causes of deficiencies
• Risk Assessment: Evaluates finding severity and impact
• Remediation Guidance: Provides actionable recommendations

Finding Format (CCCE)

• Condition: What was found (the deficiency)
• Criteria: What should be (the standard/requirement)
• Cause: Why it happened (root cause)
• Effect: What could result (risk/impact)

Finding Severity Levels

• High: Material weakness, significant deficiency
• Medium: Control deficiency with moderate risk
• Low: Opportunity for improvement

Output Formats

• Formal audit findings with management response sections
• Management letter comments
• Gap analysis reports
• Remediation tracking worksheets

Example Usage

When documenting an access control finding:

• Condition: 3 of 25 terminated users retained access for >30 days
• Criteria: Policy requires access removal within 24 hours
• Cause: Manual termination process lacks HR integration
• Effect: Risk of unauthorized access to sensitive data