Audit readinessSOC 2 collection

Audit request intake template

A lightweight template for capturing auditor requests, owners, due dates, and evidence status in one place.

Chloe Thompson

By Chloe Thompson

Cloud Security & SOC Analyst Writer · 6 min read

Track every request with the same fields

FieldPurpose
Request IDUnique reference
Control or topicWhat the auditor is asking about
OwnerWho responds
Due dateWhen the response is needed
Evidence linkWhere the proof lives
StatusOpen, in progress, submitted, closed
PriorityHelps sequence urgent fieldwork requests
ReviewerPerson who confirms the response is complete
Submitted dateWhen the item was sent to the auditor
Follow-up notesClarifications, exceptions, or auditor comments

Why this matters

Audit work gets chaotic when requests are tracked in inboxes. A simple intake structure keeps fieldwork organized and visible.

Auditor requests often arrive in waves. One request may ask for a policy, another for a sample population, another for screenshots, and another for evidence tied to a specific control. If each request is handled in a separate email thread, the team quickly loses track of ownership and status.

The intake table should become the single source of truth for fieldwork. It does not need to replace the auditor's portal, but it should give your internal team a clear operating view.

Recommended status flow

Use a small status set:

  • New: request has arrived but has not been triaged.
  • Assigned: owner has been named.
  • In progress: evidence is being gathered or reviewed.
  • Needs clarification: request is blocked on auditor or internal context.
  • Ready for review: evidence is prepared and needs final check.
  • Submitted: response has been sent.
  • Closed: auditor accepted the response or no further action is expected.
Avoid vague statuses like "pending" unless they have a defined meaning. Every open request should make the next action obvious.

Owner rules

Assign one accountable owner per request. Contributors can help, but the owner is responsible for driving the response to completion.

Good owner examples:

  • Access review evidence: IT or identity owner
  • Change management samples: engineering manager or release owner
  • Vendor review evidence: procurement or security owner
  • Policy approvals: compliance or policy owner
  • Incident response samples: security lead
If a request spans multiple owners, split it into child tasks or add contributor fields. Do not let shared ownership hide the next action.

Review before submission

Before sending evidence to the auditor, confirm:

  • The evidence matches the request.
  • The sample period is correct.
  • Screenshots or exports show dates where needed.
  • Redactions are appropriate.
  • Exceptions are explained.
  • Links are accessible.
  • The response does not include unrelated sensitive material.
This review step catches most avoidable back-and-forth.

Template usage tip

At the start of fieldwork, load every auditor request into the intake table and review it daily. During calmer periods, twice a week may be enough. Keep the table visible to leadership so blockers are surfaced before due dates slip.

Keep the momentum

Turn this guidance into a working program

CloudAnzen helps teams connect evidence, review failing controls, manage risk, and stay audit-ready across frameworks from one place.