Annual Audit Plan & Scheduler
Build an internal tool that holds your audit universe, proposes a risk-weighted yearly audit schedule with auditor assignments, lets the audit manager approve it, publishes the calendar, and emails reminders as each audit window opens.
A team-only web app where you import the audit universe, get an auto-proposed risk-weighted schedule, edit and approve it as the published annual plan, send window-open reminders by email, and export the plan as a CSV that matches your existing columns.
Before you start
- A free Supabase account
- A free Resend account (and a domain you can verify, or use the test sender)
- A Vercel account for deploy (optional for local use)
- Your audit universe and auditor roster in a Google Sheet or CSV
The problem this kills
Every year you rebuild the annual internal-audit plan from scratch in a spreadsheet. You eyeball which areas are due, try to remember who was audited last and when, hand-spread the work across the calendar, guess at who is free, and hope you didn't double-book an auditor or quietly skip a high-risk process for a second year running. By the time it's "done" it's already out of date, and there's no record of why an audit got moved.
It's slow, it's error-prone, and the one thing an auditor can least afford — a defensible, traceable plan — is the thing a spreadsheet gives you last.
What you'll build
A small, team-only web app that owns your audit universe (every auditable area, process, or site, with its risk rating and required frequency) and turns it into a real annual plan:
- Import your audit universe and auditor roster from a Google Sheet or CSV.
- The tool proposes a risk-weighted schedule — it spreads audits across the fiscal year by risk tier and required frequency, honors minimum frequency for high-risk areas, flags overdue and never-audited areas, and assigns lead auditors without double-booking anyone.
- You, the audit manager, review, edit, and approve the proposed plan before it becomes the published schedule.
- Once published, the plan is locked: rescheduling any audit requires a logged reason.
- Resend emails the right people as each audit's window opens.
- Export the published plan as a CSV in the exact columns your existing system expects.
What's inside the Implementation Plan
A step-by-step runbook you paste straight into an AI coding agent (Claude Code). It walks you from an empty folder to a working, deployed tool over a weekend — no prior coding needed.
The plan opens by interviewing you about your audit program — your fiscal calendar, your risk tiers and their required frequencies, how your audit universe is named and coded, your auditor roster and their capacity, your approval rules, and your messy exceptions (combined audits, follow-ups, regulator-driven audits, leavers). It reflects a short tailored spec back to you and waits for your thumbs-up before it builds anything, so the finished tool matches your audit program — not a generic template.
Inside you get:
- The discovery interview and how the agent turns your answers into the data model.
- A clean data model for the audit universe, auditors, the proposed schedule, and the published plan.
- The risk-weighting and spreading logic, with double-booking and frequency guards.
- The approval gate, the locked-plan reschedule-with-reason flow, and a full audit trail.
- The reminder emails via Resend.
- The CSV import fallback and the CSV export that matches your columns.
- Copy-paste prompts for every build step and a "how to know it works" checklist.
The governance it includes (this is the point)
This isn't a toy. The plan bakes in the controls an audit function actually needs to stand behind the plan:
- Login so only your team can open the tool.
- Row-level security so each organization only ever sees its own audit universe and plan.
- A complete audit trail — who proposed, edited, approved, and rescheduled what, and when.
- A human-in-the-loop approval gate — the AI proposes the schedule; nothing becomes the published plan until the audit manager reviews and approves it.
- A reason log for every reschedule of a locked audit, so a moved date is always explainable.
- Duplicate guards — the dedupe key is area + fiscal period, so one area can't be scheduled twice in the same cycle.
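One way the row-level security, duplicate guard and reschedule reason log listed above could look in Supabase's Postgres, as an added example that is not taken from the Implementation Plan. All table, column, policy and function names are assumptions; `auth.uid()` is Supabase's helper for the logged-in user's id.

```sql
-- Added example: every table, column, policy and function name is hypothetical.
create table org_members (
  org_id uuid not null, user_id uuid not null, primary key (org_id, user_id));

create table planned_audits (
  id                uuid primary key default gen_random_uuid(),
  org_id            uuid not null,
  area_code         text not null,
  fiscal_period     text not null,
  window_start      date not null,
  status            text not null default 'proposed' check (status in ('proposed', 'published')),
  reschedule_reason text,  -- input only: the trigger below logs it, then clears it
  unique (org_id, area_code, fiscal_period)  -- duplicate guard: area + fiscal period
);

create table audit_trail (
  id         bigint generated always as identity primary key,
  audit_id   uuid not null, actor uuid,
  old_start  date, new_start date,
  reason     text not null,
  changed_at timestamptz not null default now()
);

-- Row-level security: a user sees only rows of organizations they belong to.
alter table org_members enable row level security;
create policy own_membership on org_members for select using (user_id = auth.uid());
alter table planned_audits enable row level security;
create policy org_isolation on planned_audits for all
  using (org_id in (select m.org_id from org_members m where m.user_id = auth.uid()));
-- RLS on with no policy: API clients cannot touch the trail; add a read policy as needed.
alter table audit_trail enable row level security;

-- Moving a published (locked) audit fails unless the same UPDATE supplies a reason.
create function log_reschedule() returns trigger
language plpgsql security definer set search_path = public as $$
begin
  if old.status = 'published' and new.window_start is distinct from old.window_start then
    if coalesce(btrim(new.reschedule_reason), '') = '' then
      raise exception 'rescheduling a published audit requires a reason';
    end if;
    insert into audit_trail (audit_id, actor, old_start, new_start, reason)
    values (old.id, auth.uid(), old.window_start, new.window_start, new.reschedule_reason);
  end if;
  new.reschedule_reason := null;  -- never stored, so each reschedule needs a fresh reason
  return new;
end $$;

create trigger trg_log_reschedule before update on planned_audits
  for each row execute function log_reschedule();
```

Because the guards live in the database rather than in the web app, they also hold for any client that reaches the table through the Supabase API directly.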
Who it's for
Internal audit managers, quality managers, and compliance leads who hand-build the annual audit plan in a spreadsheet every year and want a faster, defensible, repeatable way to do it — without hiring a developer or buying enterprise audit-management software.
You've got this. Open the Implementation Plan, paste the first prompt into your agent, and answer the interview — your annual plan builds itself from there.