Docs

Retrospective Audit / Lookback skill (exchek-audit-lookback)

Run a self-audit on historical shipments or transactions. Provide a CSV or CRM export; the skill guides re-screening of parties and re-checking of ECCNs and license determinations against current rules. Produces a self-audit report with findings, risk rating, and remediation. No API key required.

What you need

  • Skill installed — Copy exchek-audit-lookback from the exchekskills repo.
  • Historical data — CSV or CRM export with transaction ID, date, party, ECCN, and destination.
  • Re-screening results (optional but recommended) — from the CSL skill.

How to use

  1. Install the skill — Install the skill (see Install), then ask your agent to run the lookback.
  2. Ask for a lookback or self-audit — Say things like:
    • "Audit my historical shipments"
    • "Lookback on last year's exports"
    • "Re-screen parties from this CSV"
    • "Self-audit report for these transactions"
    • "Flag where controls or licensing might be wrong now"
  3. Provide your CSV or CRM export — The agent will parse it and confirm column mapping if headers differ from the expected names (transaction ID, date, party, ECCN, destination). It will summarize scope: date range, number of transactions, number of unique parties.
  4. Re-screen path — The agent extracts unique parties and asks you to re-screen them (exchek-csl or your tool) and provide current results (pasted or file). It then merges results and builds screening-related findings (new hit, re-screen recommended, no change).
  5. Get the self-audit report — The agent fills the Self-Audit Report template: scope, findings table (screening / ECCN re-check / license re-check), overall risk rating, remediation summary, AI disclosure. You can save as Markdown and optionally as Word (.docx) or Apple Pages.

What the skill does not do

The skill does not perform classification, screening, or license determination. It does not call the CSL API or classification/license APIs. It consumes your historical data and (optionally) current screening results, flags where re-classification or re-run license determination is recommended, and produces the self-audit report. Final compliance decisions and remediation are your responsibility.

CUI and classified information

Handling CUI or classified data? See CUI / Classified Information.

Next steps