By name: finding-generator description: Generates professional audit findings using the Condition-Criteria-Cause-Effect format. Creates management letter comments and remediation recommendations. allowed-tools: Read, Write
Finding Generator
Creates professional audit findings and management letter comments.
Capabilities
- Finding Documentation: Structures findings per professional standards
- Root Cause Analysis: Identifies underlying causes of deficiencies
- Risk Assessment: Evaluates finding severity and impact
- Remediation Guidance: Provides actionable recommendations
Finding Format (CCCE)
- Condition: What was found (the deficiency)
- Criteria: What should be (the standard/requirement)
- Cause: Why it happened (root cause)
- Effect: What could result (risk/impact)
Finding Severity Levels
- High: Material weakness, significant deficiency
- Medium: Control deficiency with moderate risk
- Low: Opportunity for improvement
Output Formats
- Formal audit findings with management response sections
- Management letter comments
- Gap analysis reports
- Remediation tracking worksheets
Example Usage
When documenting an access control finding:
- Condition: 3 of 25 terminated users retained access for >30 days
- Criteria: Policy requires access removal within 24 hours
- Cause: Manual termination process lacks HR integration
- Effect: Risk of unauthorized access to sensitive data