Audits
Manage audits and audit findings with the de.iterate SDK.
Overview
The audits resource provides operations for managing internal and external audits, including scheduling, tracking findings, and managing remediation.
List Audits
typescript
const audits = await client.audits.list();
console.log(`Found ${audits.length} audits`);
for (const audit of audits) {
console.log(` • ${audit.type} - ${audit.status}`);
}Response Example
json
[
{
"id": "AUD-001",
"type": "Internal Audit",
"scope": "Information Security Management System",
"owners": ["compliance-team@company.com"],
"auditor": "external-auditor@firm.com",
"scheduledDate": "2025-02-15",
"status": "scheduled",
"notes": "Annual ISMS audit",
"createdAt": "2024-12-01T10:00:00Z",
"updatedAt": "2024-12-01T10:00:00Z"
}
]Get Audit
typescript
const audit = await client.audits.get('AUD-001');
console.log(audit.type); // "Internal Audit"
console.log(audit.scope); // "Information Security Management System"
console.log(audit.scheduledDate); // "2025-02-15"Create Audit
typescript
const audit = await client.audits.create({
type: 'Internal Audit',
scope: 'Access Control Processes',
owners: ['compliance@company.com', 'security@company.com'],
auditor: 'internal-audit@company.com',
scheduledDate: '2025-03-01',
status: 'scheduled',
notes: 'Q1 Access Control Review',
});
console.log(`Created audit: ${audit.id}`);CreateAuditInput
| Field | Type | Required | Description |
|---|---|---|---|
type | string | ✅ | Audit type (Internal, External, Surveillance, etc.) |
scope | string | ❌ | Audit scope description |
owners | string[] | ❌ | Audit owners/responsible parties |
auditor | string | ❌ | Lead auditor |
scheduledDate | string | ❌ | Scheduled audit date |
status | string | ❌ | Audit status |
notes | string | ❌ | Additional notes |
Update Audit
typescript
const updated = await client.audits.update('AUD-001', {
status: 'in-progress',
notes: 'Audit commenced on schedule',
});Delete Audit
typescript
await client.audits.delete('AUD-001');Audit Findings
List Findings for Audit
typescript
const findings = await client.audits.listFindings('AUD-001');
console.log(`Found ${findings.length} findings`);
for (const finding of findings) {
console.log(` • ${finding.title} (${finding.severity})`);
}Create Finding
typescript
const finding = await client.audits.createFinding('AUD-001', {
title: 'Missing Access Reviews',
description: 'Quarterly access reviews not performed for privileged accounts',
severity: 'high',
control: 'A.9.2.5',
assignee: 'security-team@company.com',
dueDate: '2025-04-01',
});
console.log(`Created finding: ${finding.id}`);CreateFindingInput
| Field | Type | Required | Description |
|---|---|---|---|
title | string | ❌ | Finding title |
description | string | ✅ | Detailed description |
severity | 'low' | 'medium' | 'high' | 'critical' | ❌ | Severity level |
status | string | ❌ | Finding status |
assignee | string | ❌ | Assigned to |
dueDate | string | ❌ | Remediation due date |
control | string | ❌ | Related control ID |
linkedDocuments | string[] | ❌ | Related document IDs |
Update Finding
typescript
const updated = await client.audits.updateFinding('AUD-001', 'FND-001', {
status: 'in-remediation',
assignee: 'new-owner@company.com',
});Delete Finding
typescript
await client.audits.deleteFinding('AUD-001', 'FND-001');Types
Audit
typescript
interface Audit {
id: string;
type: string;
scope?: string;
owners?: string[];
auditor?: string;
scheduledDate?: string;
status?: string;
notes?: string;
tenantId?: string;
createdBy?: string;
createdAt?: string;
updatedAt?: string;
}Finding
typescript
interface Finding {
id: string;
title?: string;
description: string;
severity?: 'low' | 'medium' | 'high' | 'critical';
status?: string;
assignee?: string;
dueDate?: string;
control?: string;
linkedDocuments?: string[];
auditId?: string | null;
origin?: 'audit' | 'standalone';
tenantId?: string;
createdBy?: string;
createdAt?: string;
updatedAt?: string;
}Examples
Audit Dashboard
typescript
async function auditDashboard() {
const audits = await client.audits.list();
const byStatus: Record<string, number> = {};
let totalFindings = 0;
for (const audit of audits) {
const status = audit.status || 'unknown';
byStatus[status] = (byStatus[status] || 0) + 1;
const findings = await client.audits.listFindings(audit.id);
totalFindings += findings.length;
}
console.log('Audit Dashboard');
console.log('===============');
console.log(`Total Audits: ${audits.length}`);
console.log(`Total Findings: ${totalFindings}`);
console.log('\nBy Status:');
for (const [status, count] of Object.entries(byStatus)) {
console.log(` ${status}: ${count}`);
}
}Find High-Severity Findings
typescript
async function findHighSeverityFindings() {
const audits = await client.audits.list();
const highSeverity: Finding[] = [];
for (const audit of audits) {
const findings = await client.audits.listFindings(audit.id);
const high = findings.filter(f =>
f.severity === 'high' || f.severity === 'critical'
);
highSeverity.push(...high);
}
console.log(`High/Critical Findings: ${highSeverity.length}`);
for (const finding of highSeverity) {
console.log(` • [${finding.severity}] ${finding.title}`);
console.log(` Assignee: ${finding.assignee || 'Unassigned'}`);
console.log(` Due: ${finding.dueDate || 'No due date'}`);
}
}Complete Audit Workflow
typescript
async function completeAuditWorkflow() {
// 1. Create audit
const audit = await client.audits.create({
type: 'Internal Audit',
scope: 'Data Protection Controls',
scheduledDate: '2025-02-01',
});
// 2. Update status to in-progress
await client.audits.update(audit.id, { status: 'in-progress' });
// 3. Add findings
await client.audits.createFinding(audit.id, {
title: 'Encryption Gap',
description: 'Data at rest not encrypted for legacy systems',
severity: 'high',
control: 'A.10.1.1',
});
// 4. Complete audit
await client.audits.update(audit.id, {
status: 'completed',
notes: 'Audit completed with 1 high-severity finding',
});
console.log(`Audit ${audit.id} completed`);
}Next Steps
- Findings - Standalone findings
- Corrective Actions - Remediation tracking
- Incidents - Incident management