FinEdge, a mid-size B2B payments company, is preparing its transaction monitoring platform for a formal SOC 2 surveillance audit and a quarterly executive operating review. You are the program manager for a cross-functional team of 11 people spanning engineering, security, compliance, QA, and analytics. The audit is in 8 weeks, and the COO has flagged this program as high visibility because two enterprise renewals worth $4.2M ARR depend on demonstrating strong controls and clean documentation.
The Head of Compliance wants complete evidence, documented controls, and no surprises during the audit. The Engineering Manager wants to avoid derailing a parallel fraud-rules release already committed to customers. The COO expects a concise executive narrative with clear risks, owners, and recovery plans. The Security Lead is concerned that several access-review tasks are overdue and may surface in both the audit and executive review.
You have a fixed budget of $95,000 for external audit support, documentation cleanup, and temporary QA help. The team cannot add headcount, and only 3 engineers can spend more than 30% of their time on audit readiness because the fraud-rules launch must still ship in 6 weeks. There are 27 key controls to validate, 14 evidence artifacts missing or outdated, and 3 upstream dependencies on IT, Legal, and HR for policy attestations.