01
Audit Finding Writer
Turn raw fieldwork notes into a five-element finding that survives the closing meeting. No hedging, no downgrades.
.svg)
Findings, AI governance reviews, cyber conformance mapping, board translation. The skills a practitioner would actually run, built by people who ran the function.
Built by former CAEs and Big Four alumni at Cherry Hill Advisory. Free. Every prompt and install step sent to your inbox in under a minute.
No spam. Unsubscribe anytime.
The Problem
Adoption is racing ahead of governance. In the IIA and Internal Audit Foundation's February 2026 survey, 83 percent of audit leaders expected to increase their use of AI over the next year, yet only about four in ten felt prepared to detect or respond to AI-enabled fraud. The functions racing to adopt are pasting fieldwork into chatbots that have never seen a Topical Requirement, a Standards domain, or an audit committee.
of audit leaders expect to increase their use of AI over the next year (IIA / Internal Audit Foundation, Feb 2026).
2026: the IIA Cybersecurity Topical Requirement became mandatory. Most plans are not mapped to all three pillars.
audit leaders feel prepared to detect or respond to AI-enabled fraud (IIA / Internal Audit Foundation, Feb 2026).
Sources: New Survey from The IIA and AuditBoard on AI-enabled fraud preparedness (Feb 2026); AuditBoard 2026 Focus on the Future; IIA Cybersecurity Topical Requirement, effective Feb 5, 2026.
What You Get
Each one encodes how a former chief audit executive actually does the work, then hands it to Claude so it runs the same way every time. Install steps and prompts go to your inbox.
01
Turn raw fieldwork notes into a five-element finding that survives the closing meeting. No hedging, no downgrades.
02
Score any AI estate against NIST AI RMF, ISO 42001, and the EU AI Act before the board asks if you are ready. You will be.
03
The IIA requirement went mandatory Feb 5, 2026. Map your plan to all three pillars and find the gap before your EQA does.
04
Turn an alphabetical vendor list into a risk-ranked population with a due-diligence plan. Catches the fourth-party concentration that surprises boards.
05
Rewrite any technical finding into the three sentences a board acts on: what is exposed, what it costs, what to decide.
06
Screen any payment or approval process against a deepfake-equipped attacker. The controls that survive are not the ones you think.
07
Objective, attributes, sample size, evidence, pass/fail criteria. Defined before fieldwork so the reviewer has nothing to send back.
08
Build a defensible audit universe and annual plan with the factor weighting documented. Survives audit-committee challenge.
09
Run the reviewer pass before your manager does. Tie-out, sufficiency, conclusion support, repeatability, in senior-reviewer format.
10
Walk into your required external quality assessment knowing what it will find. Conformance ratings across all five Standards domains.
How It Works
One zip. Ten folders. Each folder contains one SKILL.md — the full practitioner prompt and install instructions.
In Claude.ai: Settings → Capabilities → Skills. Zip the skill folder, upload the zip. Each skill activates automatically. Repeat for any of the ten you want.
Each skill has trigger phrases. Say "write a finding" and paste your fieldwork notes. Claude applies the practitioner standard every time.
Cherry Hill Advisory is a global practitioner-built internal audit and risk advisory firm, led by former CAEs and Big Four alumni, delivering co-sourced internal audit, EQA conformance, SOC 2 readiness, ERM, fraud risk management, SOX compliance, cybersecurity, and AI governance.
IIA Authorized Licensee. NASBA-accredited CPE provider.
Talk to a practitioner