Regulatory Compliance Audit
by @1kalin
Perform a comprehensive regulatory compliance audit covering US, UK, and EU frameworks across 8 domains with risk scoring and a 90-day remediation roadmap.
clawhub install afrexai-regulatory-complianceπ About This Skill
Regulatory Compliance Audit
Run a full regulatory compliance audit for any business. Covers US, UK, and EU frameworks across 8 compliance domains with gap analysis, risk scoring, and remediation timelines.
When to Use
How It Works
Step 1: Identify Applicable Frameworks
Based on the business profile (industry, geography, data types, revenue), determine which frameworks apply:| Framework | Triggers | |-----------|----------| | SOC 2 Type II | B2B SaaS, handles customer data | | GDPR | Any EU customer data, EU employees | | HIPAA | Any PHI (healthcare, benefits, wellness) | | PCI DSS | Processes, stores, or transmits card data | | ISO 27001 | Enterprise clients requesting certification | | SOX | Public company or preparing for IPO | | CCPA/CPRA | >$25M revenue OR >50K CA consumers | | NIST AI RMF | Deploying AI/ML in production | | UK DPA 2018 | UK operations or UK customer data | | FCA/PRA | UK financial services |
Step 2: 8-Domain Compliance Assessment
Score each domain 1-5 (1=non-existent, 5=mature):
Domain 1: Data Governance
Domain 2: Access Control & Identity
Domain 3: Security Operations
Domain 4: Business Continuity
Domain 5: Vendor & Third-Party Risk
Domain 6: HR & Personnel Security
Domain 7: AI & Automation Governance
Domain 8: Financial & Reporting Controls
Step 3: Risk Scoring Matrix
For each gap identified:
| Likelihood | Impact | Risk Score | Action Timeline | |-----------|--------|------------|-----------------| | High | High | Critical | Fix within 30 days | | High | Medium | High | Fix within 60 days | | Medium | High | High | Fix within 60 days | | Medium | Medium | Medium | Fix within 90 days | | Low | High | Medium | Fix within 90 days | | Low | Medium | Low | Next quarterly review | | Low | Low | Informational | Annual review |
Step 4: Remediation Roadmap
Build a 90-day plan:
Days 1-30: Critical Gaps
Days 31-60: Systematic Improvements
Days 61-90: Evidence & Documentation
Step 5: Compliance Cost Benchmarks (2026)
| Company Size | Annual Compliance Budget | Key Cost Drivers | |-------------|------------------------|-----------------| | 10-50 employees | $30K-$80K | SOC 2 audit ($15-30K), tools ($10-20K), training ($5-10K) | | 50-200 employees | $80K-$250K | + DPO/compliance hire ($80-120K), pen testing ($15-40K) | | 200-1000 employees | $250K-$800K | + GRC platform ($50-150K), multiple audits, legal counsel | | 1000+ employees | $800K-$3M+ | + Dedicated compliance team, continuous monitoring, regulatory filings |
Cost of non-compliance (real examples):
Step 6: Output Format
Generate a compliance report with: 1. Executive Summary β Overall maturity score (1-5), top 3 risks, recommended budget 2. Framework Applicability Matrix β Which frameworks apply and current certification status 3. Domain Scores β 8 domains with gap counts and risk distribution 4. Critical Findings β Top 10 gaps ranked by risk score with remediation steps 5. 90-Day Roadmap β Week-by-week action plan with owners and milestones 6. Budget Estimate β Compliance cost projection for next 12 months 7. Board Dashboard β One-page visual for board/investor reporting
Industry-Specific Requirements
| Industry | Primary Frameworks | Special Considerations | |----------|-------------------|----------------------| | SaaS/Technology | SOC 2, GDPR, CCPA | AI governance, open source licensing | | Healthcare | HIPAA, HITRUST, FDA (if devices) | PHI everywhere, BAAs required | | Financial Services | SOX, PCI DSS, GLBA, FCA/PRA | Transaction monitoring, AML/KYC | | Legal | ABA ethics, GDPR, privilege rules | Client confidentiality, conflict checks | | Construction | OSHA, environmental, bonding | Safety records, subcontractor compliance | | E-commerce | PCI DSS, CCPA/GDPR, FTC | Payment data, consumer protection, returns | | Manufacturing | ISO 9001, OSHA, EPA, export controls | Supply chain compliance, ITAR/EAR | | Real Estate | Fair Housing, AML, state licensing | Property data, transaction compliance | | Recruitment | EEOC, GDPR (candidate data), ban-the-box | AI hiring bias (NYC Local 144), background checks | | Professional Services | Industry-specific licensing, SOC 2 | Client data handling, engagement letters |
7 Compliance Audit Mistakes That Cost Companies Millions
1. Treating compliance as annual β It's continuous. Point-in-time audits miss 60% of gaps that develop mid-year. 2. Ignoring AI governance β NIST AI RMF and EU AI Act are here. Every production model needs documentation. 3. Vendor risk as checkbox β Your vendor's breach is your breach. Fourth-party risk is real. 4. No evidence retention system β If you can't prove compliance, you're not compliant. Automate evidence collection. 5. Security β compliance β You can be secure and non-compliant, or compliant and insecure. Address both. 6. Underbudgeting remediation β Plan for 2x the estimated remediation cost. Surprises are the norm. 7. Board reporting as afterthought β Boards that see compliance dashboards quarterly make better risk decisions.
Get the full compliance implementation toolkit for your industry:
Bundles: Playbook $27 | Pick 3 $97 | All 10 $197 | Everything $247