How to Prepare for an Audit Using the GrantPipe Portal: Step-by-Step Workflow

What This Workflow Covers

An audit preparation workflow has two distinct parts: gathering the evidence and sharing it. Most attention goes to the gathering: finding documents, reconciling reports, filling gaps. The sharing step is where organizations routinely create a secondary problem. Emailed file attachments with no view log, shared drives with no expiry, or USB drives document nothing about who saw what.

This workflow covers how to use the GrantPipe Auditor & Funder Portal to make sharing controlled, logged, and defensible. The portal does not help you gather evidence. That work is yours to do before Step 1. The Auditor Evidence Checklist linked in the prerequisites covers what to gather.

Who runs this workflow: The finance director or grants manager creates and manages the portal session. The executive director may need to approve the scope before the link is sent for high-stakes reviews.

Estimated working time: 30-90 minutes to set up the session and send the invitation, assuming documents are already uploaded to GrantPipe. The document-gathering phase is separate and varies by organization and audit scope.

Step 1: Build the Evidence Bundle

The bundle review step is when you discover gaps before the auditor does. A missing document at this stage costs you an hour to find and upload. The same missing document discovered during fieldwork costs you a finding.

Use the Auditor Evidence Checklist to verify you have covered every category the auditor will typically sample: award documents, expenditure reports, time-and-effort records, supporting documentation, and the activity log.

Step 2: Invite the Auditor and Create the Session

Use the exact name from the engagement letter. The name appears on every audit trail entry, and if the session is ever cited in a finding or a management letter, the trail needs to identify the reviewer clearly.

Set the expiry date to the fieldwork end date. If you’re not sure when fieldwork will end, use the estimated date and create a new session if the engagement extends.

Step 3: Send the Link and Confirm Access

Follow up directly. Automated emails from grant management software have a higher probability of landing in spam than personal email. A quick confirmation call or message, “Did the portal link come through?”, saves you a day of unexplained delay.

Step 4: Monitor During Fieldwork

Watching the activity log during fieldwork is operational awareness, not oversight. An auditor who viewed every document except one is probably waiting on that document or couldn’t find it. Catching that early is faster for everyone.

If the auditor requests additional documents during fieldwork, add them to the bundle. The portal link the auditor already has will reflect the updated contents.

Step 5: Revoke and Retain

Revoke the session as soon as fieldwork is complete. Export the activity log and file it with your audit documentation. That log, showing who saw what and when, is evidence of controlled sharing. It answers the question any future auditor might ask: how was this evidence shared, and how do you know only the intended reviewer accessed it?

Definitions

Evidence bundle. A titled package of grant documents, reports, and restriction terms assembled for a specific review cycle and attached to a portal session.

External Review Session. The portal session record that defines the scope, the reviewer, and the expiry for a single external access event.

Audit trail. The append-only log of every change and access event in GrantPipe, used to reconstruct who saw or modified a record and when.

Internal Links and Templates

• Auditor Evidence Checklist: what to gather before building the bundle.
• Auditor & Funder Portal Software overview: the feature page explaining how the portal works.
• Audit Trail and Activity Log feature: how the underlying log is built and what it captures.
• Grant Compliance Audit Preparation guide: the broader audit prep workflow this portal step fits into.