Audit Evidence Collector

Report

From a financial process to a control matrix, sample sizes and a PBC evidence list — anchored to named audit standards.

About the skill

What it does

The Audit Evidence Collector takes a financial/operational process (P2P purchase-to-pay, O2C order-to-cash, payroll, inventory, close, expense, treasury) and produces three linked deliverables an auditor can take to the field: a control matrix, a numeric sampling design and a PBC (Prepared By Client) evidence checklist — all anchored to named audit standards rather than gut judgment.

The flow runs in order. First a single transaction is traced end-to-end (walkthrough → design effectiveness); for each step a "what-can-go-wrong" (WCGW) is derived and bound to a PCAOB-style assertion (Occurrence/Existence, Completeness, Accuracy, Cutoff, Rights & Obligations, Presentation). Each control is classified into a COSO component and flagged preventive/detective, manual/automated, key or not. A Segregation of Duties (SoD) breach — same person approving and paying — is always a critical red line. Then, using RoMM logic, inherent risk (1-5) × control design (1-5) is scored and a test strategy chosen (test of controls vs substantive). With ISA 530, sample sizes are computed numerically: attribute sampling for controls (n ≈ R/TDR, e.g. 95% confidence + 5% tolerable deviation → 60 items) and MUS for monetary tests. Finally each piece of evidence is placed in the ISA 500 reliability hierarchy (external-independent 1.0 > internal-controlled 0.7 > internal-uncontrolled 0.4 > representation 0.2) and an Evidence Sufficiency Score (0-100) is computed. Uncollectable evidence is never silently skipped — it is written to gaps.
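The attribute-sampling arithmetic above (n ≈ R/TDR), as an added example that is not part of the skill or of this page. It assumes R is the Poisson confidence factor for zero expected deviations, and it goes one step beyond the text by evaluating a tested sample once deviations are found; all function names are hypothetical.

```python
import math

def poisson_cdf(k, lam):
    """P(X <= k) for X ~ Poisson(lam)."""
    term = total = math.exp(-lam)
    for i in range(1, k + 1):
        term *= lam / i
        total += term
    return total

def confidence_factor(confidence, deviations=0):
    """R: the Poisson mean at which seeing <= `deviations` has probability 1 - confidence."""
    lo, hi = 0.0, 50.0
    for _ in range(100):  # bisection; the CDF falls as the mean rises
        mid = (lo + hi) / 2
        if poisson_cdf(deviations, mid) > 1 - confidence:
            lo = mid
        else:
            hi = mid
    return hi

def sample_size(confidence, tolerable_rate):
    """n = R / TDR with zero expected deviations, rounded up (assumed model)."""
    return math.ceil(confidence_factor(confidence) / tolerable_rate)

def evaluate_sample(n, deviations, confidence, tolerable_rate):
    """Upper deviation limit for the observed result, and whether it stays within TDR."""
    upper = confidence_factor(confidence, deviations) / n
    return upper, upper <= tolerable_rate

if __name__ == "__main__":
    n = sample_size(0.95, 0.05)
    print("sample size:", n)
    for found in (0, 1, 2):
        upper, ok = evaluate_sample(n, found, 0.95, 0.05)
        print(f"{found} deviations -> upper limit {upper:.1%}, within TDR: {ok}")
```

A sample sized this way supports reliance only if no deviations turn up: a single exception in the 60 items pushes the upper deviation limit above the 5% tolerable rate.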

When to use it

Use it for requests like "I'm preparing for an audit, what do I need to prove", "build a control matrix", "what should the sample size be" or "prepare a PBC list". It is aimed at internal auditors, external-audit seniors/associates, control owners and SOX/internal-control leads who need to know which controls exist in a process, whether they operate, and how much evidence to collect.

Method / frameworks

  • COSO 2013 — 5 components / 17 principles; basis for control classification.
  • ISA 315 (Revised) — RoMM: inherent risk × control risk.
  • ISA 330 — auditor response: test of controls vs substantive.
  • ISA 500 — sufficiency (quantity) + appropriateness (relevance + reliability hierarchy).
  • ISA 530 — attribute sampling, MUS, deviation projection.
  • IIA Three Lines Model (2020) — who runs / oversees / tests each control.
  • Walkthrough + ToC vs Substantive — design vs operating effectiveness tested separately.

How do I use this skill?

You don't "run" a skill. After installing it, you just tell the agent your task (for example, ask for the relevant job), and the skill activates on its own when its description matches.

Upload the denetim-kanit-toplayici.zip you downloaded as-is — no packaging needed, the format is already correct (folder at root).

  1. Open Settings → Customize → Skills
  2. Upload → select the denetim-kanit-toplayici.zip you downloaded
  3. Claude reads SKILL.md; the name + description appear. Ready ✅

Scripts run in Anthropic's code-execution environment (sandbox) — not on your machine.