> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Duplicate an IRL audit

> Duplicates an existing IRL audit into a new audit engagement with the supplied
displayName, audit dates, early access date, and auditor roster. Company, audit
type, and framework are copied from the source audit and cannot be changed.

Each email in `allowAuditorEmails` must match an active user in the
authenticated audit firm's domain. Provision auditors via `POST /auditors`
before referencing them here, or copy emails from `GET /audits/{sourceAuditId}`
→ `allowAuditorEmails` when duplicating with the same roster.

Information requests are copied from the source audit. After duplication:

- Requests with Vanta evidence will be pre-filled and marked as internal review.

  Review them before sharing with your customer.
- Requests where evidence was not available or was uploaded externally will need

  evidence added manually.
- Evidence capture dates and due dates can be modified after duplication.

Rate limit: 10 requests / minute.



## OpenAPI

````yaml https://spec.speakeasy.com/vanta/vanta/conduct-an-audit-with-code-samples post /audits/duplicate
openapi: 3.0.0
info:
  title: Conduct an audit
  version: 1.0.0
  description: >-
    The Auditor API lets audit firms conduct audits from a tool outside of
    Vanta. Unlock data syncing with Vanta through this API.


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /audits/duplicate:
    post:
      tags:
        - Audits
      summary: Duplicate an IRL audit
      description: >-
        Duplicates an existing IRL audit into a new audit engagement with the
        supplied

        displayName, audit dates, early access date, and auditor roster.
        Company, audit

        type, and framework are copied from the source audit and cannot be
        changed.


        Each email in `allowAuditorEmails` must match an active user in the

        authenticated audit firm's domain. Provision auditors via `POST
        /auditors`

        before referencing them here, or copy emails from `GET
        /audits/{sourceAuditId}`

        → `allowAuditorEmails` when duplicating with the same roster.


        Information requests are copied from the source audit. After
        duplication:


        - Requests with Vanta evidence will be pre-filled and marked as internal
        review.

          Review them before sharing with your customer.
        - Requests where evidence was not available or was uploaded externally
        will need

          evidence added manually.
        - Evidence capture dates and due dates can be modified after
        duplication.


        Rate limit: 10 requests / minute.
      operationId: Duplicate
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DuplicateAuditRequest'
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Audit'
              examples:
                Example 1:
                  value:
                    id: 65fc81a3359c8508c9af880f
                    customerOrganizationName: corporation.com
                    customerDisplayName: Corporation Company
                    customerOrganizationId: 65fc81a3359c8508c9af880f
                    auditStartDate: '2024-03-07T21:25:56.000Z'
                    auditEndDate: '2024-03-14T21:25:56.000Z'
                    earlyAccessStartsAt: '2024-03-07T21:25:56.000Z'
                    framework: SOC 2 Type II
                    displayName: Q1 2024 SOC 2 Audit
                    allowAuditorEmails:
                      - sam@auditor.com
                    allowAllAuditors: true
                    deletionDate: '2024-03-07T21:25:56.000Z'
                    creationDate: '2024-03-07T21:25:56.000Z'
                    modificationDate: '2024-03-07T21:25:56.000Z'
                    completionDate: '2024-03-07T21:25:56.000Z'
                    auditFocus: EXTERNAL
                    auditorRequestListMetadata:
                      requestsSharedWithCustomer: '2024-03-07T21:25:56.000Z'
      security:
        - bearerAuth: []
      x-codeSamples:
        - lang: typescript
          label: Duplicate
          source: |-
            import { Vanta } from "vanta-auditor-api-sdk";

            const vanta = new Vanta({
              bearerAuth: process.env["VANTA_BEARER_AUTH"] ?? "",
            });

            async function run() {
              const result = await vanta.audits.duplicate({
                sourceAuditId: "<id>",
                displayName: "Orpha.Schoen",
                auditStartDate: new Date("2024-01-02T08:34:53.150Z"),
                auditEndDate: new Date("2024-10-06T07:06:05.931Z"),
                earlyAccessStartsAt: new Date("2025-05-31T02:08:59.254Z"),
                allowAuditorEmails: [
                  "<value 1>",
                  "<value 2>",
                  "<value 3>",
                ],
              });

              console.log(result);
            }

            run();
        - lang: java
          label: Duplicate
          source: >-
            package hello.world;


            import com.vanta.vanta_auditor_api.Vanta;

            import
            com.vanta.vanta_auditor_api.models.components.DuplicateAuditRequest;

            import
            com.vanta.vanta_auditor_api.models.operations.DuplicateResponse;

            import java.lang.Exception;

            import java.time.OffsetDateTime;

            import java.util.List;


            public class Application {

                public static void main(String[] args) throws Exception {

                    Vanta sdk = Vanta.builder()
                            .bearerAuth(System.getenv().getOrDefault("BEARER_AUTH", ""))
                        .build();

                    DuplicateAuditRequest req = DuplicateAuditRequest.builder()
                            .sourceAuditId("<id>")
                            .displayName("Orpha.Schoen")
                            .auditStartDate(OffsetDateTime.parse("2024-01-02T08:34:53.150Z"))
                            .auditEndDate(OffsetDateTime.parse("2024-10-06T07:06:05.931Z"))
                            .earlyAccessStartsAt(OffsetDateTime.parse("2025-05-31T02:08:59.254Z"))
                            .allowAuditorEmails(List.of(
                                "<value 1>",
                                "<value 2>",
                                "<value 3>"))
                            .build();

                    DuplicateResponse res = sdk.audits().duplicate()
                            .request(req)
                            .call();

                    if (res.audit().isPresent()) {
                        System.out.println(res.audit().get());
                    }
                }
            }
components:
  schemas:
    DuplicateAuditRequest:
      description: Request body for duplicating an IRL audit into a new audit engagement.
      properties:
        sourceAuditId:
          type: string
          description: ID of the source IRL audit to duplicate.
        displayName:
          type: string
          description: Display name for the new audit engagement.
        auditStartDate:
          type: string
          format: date-time
          description: Start of the audit window for the new audit.
        auditEndDate:
          type: string
          format: date-time
          description: End of the audit window for the new audit.
        earlyAccessStartsAt:
          type: string
          format: date-time
          description: When auditors gain access to the new audit.
        allowAuditorEmails:
          items:
            type: string
          type: array
          description: >-
            Emails of auditors who may access the new audit. Minimum one entry
            required.

            Each email must match an active user in the authenticated audit
            firm's domain.
      required:
        - sourceAuditId
        - displayName
        - auditStartDate
        - auditEndDate
        - earlyAccessStartsAt
        - allowAuditorEmails
      type: object
      additionalProperties: false
    Audit:
      properties:
        id:
          type: string
          description: The unique identifier for the audit.
        customerOrganizationName:
          type: string
          description: >-
            The domain name of the customer organization being audited (e.g.
            vanta.com)
        customerDisplayName:
          type: string
          nullable: true
          description: >-
            The human readable name of the customer organization being audited
            (e.g. Vanta)
        customerOrganizationId:
          type: string
          description: The uuid of the customer organization being audited
        auditStartDate:
          type: string
          format: date-time
          description: >-
            The start of the audit window. This is also when data collection for
            audit starts.
        auditEndDate:
          type: string
          format: date-time
          description: The end of the audit window.
        earlyAccessStartsAt:
          type: string
          format: date-time
          nullable: true
          description: >-
            Timestamp at which auditors gain access to the audit. Occurs before
            the audit window begins
        framework:
          type: string
          description: The name of the framework for the audit
        displayName:
          type: string
          description: >-
            The display name for the audit. Returns the custom audit name if
            set,

            otherwise returns the framework name.
        allowAuditorEmails:
          items:
            type: string
          type: array
          description: Emails of auditors with access to audit
        allowAllAuditors:
          type: boolean
          description: Set to true if all auditors in audit firm have access
        deletionDate:
          type: string
          format: date-time
          nullable: true
          description: Timestamp when the audit was deleted
        creationDate:
          type: string
          format: date-time
          description: Timestamp when the audit was created
        modificationDate:
          type: string
          format: date-time
          nullable: true
          description: Timestamp when the audit was updated
        completionDate:
          type: string
          format: date-time
          nullable: true
          description: >-
            Timestamp when the audit was marked completed, and report was
            uploaded
        auditFocus:
          $ref: '#/components/schemas/AuditFocus'
          description: Audit focus determines if the audit is internal or external facing
        auditorRequestListMetadata:
          properties:
            requestsSharedWithCustomer:
              type: string
              format: date-time
              nullable: true
              description: >-
                Timestamp when information requests were shared with the
                customer. Null if not shared.
          required:
            - requestsSharedWithCustomer
          type: object
          description: >-
            Metadata about the auditor request list. This field is only present
            for IRL (Information

            Request List) based audits and will be undefined for standard
            audits. Use the presence

            of this field to differentiate between IRL and non-IRL audits.
      required:
        - id
        - customerOrganizationName
        - customerDisplayName
        - customerOrganizationId
        - auditStartDate
        - auditEndDate
        - earlyAccessStartsAt
        - framework
        - displayName
        - allowAuditorEmails
        - allowAllAuditors
        - deletionDate
        - creationDate
        - modificationDate
        - completionDate
        - auditFocus
      type: object
      additionalProperties: false
    AuditFocus:
      type: string
      enum:
        - EXTERNAL
        - INTERNAL
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````