Audits

Audits are executed inside missions and rely on questionnaires/templates.

Audit lifecycle

Draft (created, not started)
In progress (answers are being collected)
Completed (results available)
Published (client-visible report and results)

Audit families

IA: AI governance, AI Act alignment, model risk, lifecycle controls
REG: regulatory requirements mapping, policies, compliance
TECH: technical cybersecurity controls, architecture, hardening

Results

An audit can produce:

Global score and grade (optional per family)
Pillar scores (trendable over time)
Recommendations (tagged, prioritized)
Remediation actions (track execution)
Report with executive summary and conclusions

Good practices

Keep evidence attached to each critical answer
Document “Not applicable” decisions
Ensure recommendations are actionable and measurable

Missions Questionnaires