LR-301e · Module 3

Auditor Relationship Management

The auditor is not an adversary. The auditor is a professional whose job is to verify compliance — and who would prefer to find compliance rather than non-compliance. Managing the auditor relationship means being responsive, transparent, and organized. Responsive: answer evidence requests within the agreed timeline. Transparent: surface potential issues proactively rather than waiting for the auditor to discover them. Organized: present evidence in a structured, navigable format.

Do This

  • Respond to evidence requests within the agreed timeline — late responses create suspicion and schedule pressure
  • Surface known gaps proactively — an organization that identifies its own gaps demonstrates maturity that auditors respect
  • Organize evidence submissions with clear references to the obligations they address — the auditor's job becomes verification, not discovery

Avoid This

  • Treat the auditor as an adversary to be managed — adversarial relationships produce more findings, not fewer
  • Hide known gaps and hope the auditor does not find them — hidden gaps that are discovered are treated more seriously than disclosed gaps
  • Submit evidence in bulk without organization — unorganized evidence wastes auditor time and invites deeper scrutiny