II. Workflow overview
Reference · live · workflow:compliance-audit
Compliance Audit overview
Annual cross-team workflow that evaluates the organisation's adherence to regulatory requirements, contractual obligations, and internal policy standards (e.g. GDPR, HIPAA, PCI-DSS, SOC 2). The compliance officer coordinates with legal, security, engineering, and finance teams to gather evidence across controls. An internal pre-audit assesses readiness before engaging external auditors. Findings and non-conformances are tracked in a remediation register with owners and deadlines. After remediation, evidence is re-submitted, and the final audit report is issued. Board and leadership are briefed on audit outcomes, and the compliance programme is updated to reflect new requirements.
Attributes
displayName: Compliance Audit
workflowKind: governance
triggerType: scheduled
typicalCadence: annual
complexity: complex
Outgoing edges
applies_to_domain (2)
- domain:cybersecurity · Domain · Cybersecurity
- domain:infrastructure · Domain · Infrastructure
involves_role (6)
- role:compliance-officer · Role · Compliance Officer
- role:legal-counsel · Role · Legal Counsel
- role:audit-analyst · Role · Audit Analyst
- role:security-engineer · Role · Security Engineer
- role:vp-engineering · Role · VP of Engineering
- role:privacy-engineer · Role · Privacy Engineer
triggers_responsibility (4)
- responsibility:compliance-monitoring · Responsibility · Compliance Monitoring
- responsibility:risk-assessment · Responsibility · Risk Assessment
- responsibility:documentation · Responsibility · Documentation
- responsibility:stakeholder-communication · Responsibility · Stakeholder Communication
Incoming edges
follows_workflow (1)
- stack-profile:compliance-audit-trail · StackProfile · Compliance & Audit Trail (Go, PostgreSQL, RabbitMQ, Vault, Elasticsearch, Prometheus)
lib_implements_workflow (44)
- lib-agent:legal--corporate-counsel · LibraryAgent · corporate-counsel
- lib-agent:legal--corporate-secretary · LibraryAgent · corporate-secretary
- lib-agent:security-compliance--risk-scoring-agent · LibraryAgent · risk-scoring-agent
- lib-agent:security-compliance--security-requirements-agent · LibraryAgent · security-requirements-agent
- lib-process:legal--adr-procedures · LibraryProcess · adr-procedures
- lib-process:legal--board-governance-framework · LibraryProcess · board-governance-framework
- lib-process:legal--compliance-monitoring-testing · LibraryProcess · compliance-monitoring-testing
- lib-process:legal--compliance-program-development · LibraryProcess · compliance-program-development
- lib-process:legal--compliance-risk-assessment · LibraryProcess · compliance-risk-assessment
- lib-process:legal--compliance-training-program · LibraryProcess · compliance-training-program
- lib-process:legal--contract-drafting-automation · LibraryProcess · contract-drafting-automation
- lib-process:legal--contract-lifecycle-management · LibraryProcess · contract-lifecycle-management
- lib-process:legal--contract-negotiation-playbook · LibraryProcess · contract-negotiation-playbook
- lib-process:legal--contract-obligation-tracking · LibraryProcess · contract-obligation-tracking
- lib-process:legal--contract-review-analysis · LibraryProcess · contract-review-analysis
- lib-process:legal--corporate-policy-management · LibraryProcess · corporate-policy-management
- lib-process:legal--corporate-records-management · LibraryProcess · corporate-records-management
- lib-process:legal--data-breach-response · LibraryProcess · data-breach-response
- lib-process:legal--data-mapping-inventory · LibraryProcess · data-mapping-inventory
- lib-process:legal--data-subject-rights-management · LibraryProcess · data-subject-rights-management
- lib-process:legal--ediscovery-management · LibraryProcess · ediscovery-management
- lib-process:legal--entity-management · LibraryProcess · entity-management
- lib-process:legal--gdpr-compliance-program · LibraryProcess · gdpr-compliance-program
- lib-process:legal--ip-licensing-management · LibraryProcess · ip-licensing-management
- lib-process:legal--ip-portfolio-management · LibraryProcess · ip-portfolio-management
- lib-process:legal--legal-hold-implementation · LibraryProcess · legal-hold-implementation
- lib-process:legal--litigation-management · LibraryProcess · litigation-management
- lib-process:legal--patent-filing-prosecution · LibraryProcess · patent-filing-prosecution
- lib-process:legal--privacy-impact-assessment · LibraryProcess · privacy-impact-assessment
- lib-process:legal--regulatory-change-management · LibraryProcess · regulatory-change-management
- lib-process:legal--trade-secret-protection · LibraryProcess · trade-secret-protection
- lib-process:legal--trademark-registration-protection · LibraryProcess · trademark-registration-protection
- lib-skill:legal--board-governance · LibrarySkill · board-governance
- lib-skill:legal--corporate-records · LibrarySkill · corporate-records
- lib-skill:legal--entity-management · LibrarySkill · entity-management
- lib-skill:legal--policy-management · LibrarySkill · policy-management
- lib-skill:security-compliance--compliance-evidence-collector · LibrarySkill · compliance-evidence-collector
- lib-skill:security-compliance--gdpr-compliance-automator · LibrarySkill · gdpr-compliance-automator
- lib-skill:security-compliance--hipaa-compliance-automator · LibrarySkill · hipaa-compliance-automator
- lib-skill:security-compliance--multi-cloud-security-posture · LibrarySkill · multi-cloud-security-posture
- lib-skill:security-compliance--pci-dss-compliance-automator · LibrarySkill · pci-dss-compliance-automator
- lib-skill:security-compliance--soc2-compliance-automator · LibrarySkill · soc2-compliance-automator
- lib-skill:security-compliance--vendor-risk-monitor · LibrarySkill · vendor-risk-monitor
- lib-skill:security-compliance--vendor-security-questionnaire · LibrarySkill · vendor-security-questionnaire