Full Population Testing
Test every transaction in your population, not just a sample. Upload a CSV/Excel and define your test attribute; AI evaluates every row and produces a decision log.
Go to Engagement → Population Testing AI
Upload your population CSV/Excel (up to 50,000 rows)
Enter the control name and test attribute (what makes a row pass/fail)
Click Start Testing; AI processes rows in batches with a live progress bar
Review exceptions highlighted in red, download decision log as CSV
Click Save as Workpaper to save to your engagement file
Testing Plan Executor
Upload your existing audit testing plan; AI follows it step by step against uploaded evidence.
Go to Engagement → Plan Executor
Upload your testing plan (.docx, .pdf, or .txt)
Review the AI-parsed test procedures
Upload your evidence files (CSV, Excel, PDF)
Click Execute Plan; AI works through each step
Review results and save complete workpaper
Auto Decision Logs
Every Evidence Intelligence test automatically generates a structured decision log traceable to specific data points.
Go to AI Tools → Evidence Intelligence
Upload documents and run Classify or Test
Decision log appears automatically below results
Click Download Decision Log for CSV export
Click Save Decision Log to store in Supabase
Fraud Risk Assessment
Generate fraud risk assessments per ISA 240 for any business process.
Go to Engagement → Fraud Risk
Select the process (Revenue, AP, Payroll, etc.)
Enter company context (size, industry, key systems)
Click Generate Assessment
Review top 10 fraud schemes with likelihood/impact ratings
Save as workpaper or export
Management Action Plans
Track management responses to findings with owners, target dates, closure evidence.
Go to Engagement → Action Plans
All open findings are listed automatically
For each finding toggle Agreed/Disagreed, enter response, assign owner, set target date
Click Submit; email notification sent to auditor
Auditor clicks Re-test to mark finding closed
Regulatory Change Monitor
Automatic weekly scan of PCAOB, IIA, SEC, ISACA, FRC, FASB.
Go to Risk & Monitoring → Regulatory Monitor
Page loads and AI scans for latest updates automatically
Review feed: source, date, summary, impact (High/Medium/Low), affected modules
Mark items as Reviewed or Action Required
Action Required items create notifications in your platform
Industry Benchmarking
Compare your GRC metrics against anonymized industry medians.
Go to Reporting → Benchmarking
Your metrics are pulled automatically from Supabase
Green = better than industry median, Red = below median
Click Share with Board to generate a PDF summary
Resource Planning
Gantt-style engagement timeline with team capacity and deadline tracker.
Go to Platform → Resource Planning
View all active projects on the Gantt timeline
Click a project bar to edit dates, status, lead email
Click + New Project to create an engagement
Click a team member row to edit weekly capacity
Use Edit and Mark Complete on deadline rows
MFA Setup
Add two-factor authentication using Google Authenticator or Authy.
Go to Settings → Enable MFA
Scan the QR code with your authenticator app
Enter the 6-digit code to confirm
MFA is now active
Enterprise API
REST API access to integrate AssurAI data into your own dashboards.
Go to Platform → API Docs
Click Generate API Key in Settings
Use the key in the Authorization header: Bearer <key>
Endpoints: GET /api/v1/projects, /findings, /controls, /workpapers, /kris
Rate limit: 1000 requests/hour per key
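A client-side sketch of the API usage described above, added here as an example and not AssurAI's own code. The base URL, the `ASSURAI_API_KEY` environment variable and the reading that every listed endpoint sits under `/api/v1/` are assumptions; the code keeps the key out of source and paces calls to the documented 1000 requests/hour.

```python
import os
import time
import urllib.request
from collections import deque

# Assumptions (not from the AssurAI docs): the base URL is a placeholder, the key
# is read from an ASSURAI_API_KEY environment variable, and the short endpoint
# names on the page all live under /api/v1/.
BASE_URL = "https://assurai.example"
ENDPOINTS = ("projects", "findings", "controls", "workpapers", "kris")
LIMIT, WINDOW = 1000, 3600  # documented limit: 1000 requests/hour per key


class HourlyBudget:
    """Sliding-window counter that keeps one key under LIMIT calls per WINDOW."""

    def __init__(self, limit=LIMIT, window=WINDOW, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.sent = deque()  # timestamps of requests still inside the window

    def wait_time(self):
        """Seconds until another request fits in the window (0.0 = send now)."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()
        if len(self.sent) < self.limit:
            return 0.0
        return self.window - (now - self.sent[0])

    def record(self):
        self.sent.append(self.clock())


def build_request(endpoint, api_key):
    """Build a GET request for one documented endpoint with the Bearer header."""
    if endpoint not in ENDPOINTS:
        raise ValueError(f"not a documented endpoint: {endpoint!r}")
    if not api_key or any(c.isspace() for c in api_key):
        raise ValueError("API key missing or malformed")
    req = urllib.request.Request(f"{BASE_URL}/api/v1/{endpoint}", method="GET")
    req.add_header("Authorization", f"Bearer {api_key}")
    return req


def fetch(endpoint, budget, api_key=None, timeout=10):
    """Send one request, sleeping first if the hourly budget is exhausted."""
    api_key = api_key or os.environ.get("ASSURAI_API_KEY", "")
    req = build_request(endpoint, api_key)  # validate before spending budget
    delay = budget.wait_time()
    if delay:
        time.sleep(delay)
    budget.record()
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()
```

Share one `HourlyBudget` instance across every caller that uses the same key, since the limit is stated per key rather than per process.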
Real-time Collaboration
Live comments and presence indicators on workpapers.
Open any workpaper in Workflow
See who else is viewing (presence indicator)
Scroll to the bottom for the comment thread
Type @ to mention a teammate
Comments trigger email notifications to preparer/reviewer
Excel Export
Export workpapers, findings, controls, evidence requests to formatted Excel.
Go to Workpapers, Findings, Controls, or Evidence Requests
Click Export to Excel
Choose template: Standard, Big 4, or PCAOB
File downloads as AssurAI_[Page]_[Date].xlsx
SOX & ICFR
Full Section 404 workflow: scoping, RCM, control testing, deficiency classification, PCAOB workpapers.
Internal Audit
IIA Standards-aligned engagement management: planning, fieldwork, findings, board reporting.
Risk & ERM
COSO ERM framework: risk register, heat maps, KRI monitoring, scenario analysis, board packs.
Compliance
Multi-framework compliance: SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, cross-framework mapping.
BCM & Resilience
ISO 22301 aligned: BIA, recovery planning, tabletop exercises, crisis communications.
Financial Intelligence
Benford's Law, JE review, revenue recognition, reconciliation testing, going concern.
New to AssurAI? Start by opening a module (e.g. SOX & ICFR), clicking "+ New Project", and running the Guided Project Wizard. It will walk you through every step of the engagement.
Create a project
Open any module page and click "+ New Project". Give it a name (e.g. "SOX FY2026") and description. The project appears in your dashboard and in the module's left panel.
Select a project
On pages like Risk Assessment, Executive Dashboard and Compliance Calendar, use the project dropdown at the top right to load data for a specific engagement.
View all projects
Go to /projects to see all active engagements across all modules, with phase progress and status.
Workpaper Structure
Every workpaper has six mandatory sections matching Big 4 and IIA standards:
- Objective: What are you testing and why?
- Scope & Population: What period, what data, any exclusions?
- Test Procedures: Step-by-step procedures performed
- Evidence Reference: What evidence supports the conclusion (EV-01, EV-02...)
- Exceptions Noted: Any control failures or anomalies found
- Conclusion: Effective / Ineffective / Not Applicable
Sign-Off Workflow
Every workpaper moves through a four-stage approval process:
- Draft: Preparer is working on it. Can be edited.
- In Review: Submitted to reviewer. Preparer clicks "Submit for Review →"
- Approved: Reviewer has approved content. Senior reviewer clicks "Approve"
- Signed Off: Final lock. No further edits. PCAOB/IIA compliant.
Create a workpaper
Go to /workflow and click "+ New Workpaper". Fill in the Reference (e.g. WP-SOX-001), select a project, and complete all six structured sections.
Save as draft
Click "Save Draft" to save progress without submitting. You can return and edit at any time while in Draft status.
Submit for review
Click "Submit for Review →" when complete. Status moves to In Review. The reviewer will be notified by email if notifications are configured.
View and export
Click "View" on any workpaper to see the full structured content. Click "Export PDF" to generate a print-ready workpaper with sign-off blocks.
AI shortcut: Run any AI tool from a module page to generate workpaper content automatically. Copy the output into the Test Procedures and Conclusion fields.
IIA 5C Finding Structure
- Condition: What IS - the issue found (factual, specific)
- Criteria: What SHOULD BE - the policy, standard or control requirement
- Cause: Root cause - WHY it happened
- Consequence / Effect: Financial, operational or compliance impact
- Corrective Action / Recommendation: Specific, actionable steps
Remediation Workflow
- Open: Finding logged, awaiting management response
- In Progress: Management has acknowledged and is remediating
- Remediated: Management confirms fix is complete. Evidence provided.
- Verified Closed: Auditor re-tested and confirmed control now operating effectively
- Overdue: Due date has passed and finding remains open (auto-flagged in red)
Exporting Findings
Click "Export Report" in the top right of the Findings page to generate a formatted findings summary report, suitable for management or audit committee presentation. Filter by status, severity or module before exporting.
Email alerts: When a finding becomes overdue, AssurAI automatically sends an email alert to the remediation owner. Alerts are also sent 3 days before the due date as a reminder.
Control Attributes
- Control ID: Unique identifier (e.g. SOX-JE-001)
- Control Type: Preventive or Detective
- Frequency: Daily, Weekly, Monthly, Quarterly, Annual, Transaction-level
- Automated / Manual: System-enforced or human-performed
- SOX Key: Flagged if it's a key control for Section 404
- Test Result: Effective, Ineffective, or Not Tested
- Related Modules: Which GRC modules this control applies to
Test Case vs Test Execution
- Test Case: The test design: what to test, how, sample size, evidence required
- Test Execution: The result of running the test: Pass, Fail, or Pass with Exceptions
AI-powered testing: Use the ITGC Testing Agent or Control Testing tool from any module to auto-generate test procedures, sample sizes and documentation guidance for any control.
SOX & ICFR Agents
SOX Scoping Agent
Identifies FSLIs, calculates materiality, produces scoping memo
Deficiency Assessment Agent
Classifies CD/SD/MW, drafts management letter language
RCM Builder Agent
Builds complete Risk and Control Matrix for any process
IPE Validator Agent
Tests completeness and accuracy of reports controls rely on
ITGC Testing Agent
Builds test procedures for all 4 ITGC domains
Rollforward Agent
Rolls prior year SOX programme forward with updated scope
Internal Audit Agents
Audit Planning Agent
Risk-based audit plan with timing, hours and team assignments
Engagement Letter Agent
IIA-standard engagement letter ready to send
Finding Writer Agent
Complete IIA 5C finding in professional audit language
Fraud Risk Agent
Fraud scenarios, fraud triangle, ISA 240 test procedures
Audit Committee Report Agent
Board-ready AC pack with programme status and findings
Audit Universe Agent
Risk-scored audit universe with 3-year coverage plan
Risk & ERM Agents
Risk Assessment Agent
Complete risk register with heat map and KRI recommendations
Risk Register Agent
20+ risks identified, scored, controls mapped, COSO aligned
Scenario Analysis Agent
Base / Adverse / Severe / Catastrophic scenarios modelled
Third-Party Risk Agent
Vendor scorecard across 5 risk dimensions
KRI Monitoring Agent
5 KRIs per risk with G/A/R thresholds and owners
How to run an agent: Go to /ai-agents, find the agent you need, click "▶ Run", describe your situation in the text box, and the agent produces complete output. All agents are available at all plan levels unless marked Professional+.
How the Pipeline Works
Select your module
Choose SOX & ICFR, Internal Audit, Risk & ERM, Compliance, BCM, or Financial Intelligence.
Select a project
Use the dropdown to choose which engagement the output will be saved to.
Describe your engagement
Write a description of your company, situation and key areas of concern. The more detail, the better the output.
Click Run
Watch 5 agents run in sequence. Each agent's output feeds the next, building cumulatively on context.
Save to engagement
Click "Save to Engagement File"; all 5 outputs are saved as draft workpapers in your selected project, ready for review.
AI-generated content should always be reviewed by a qualified professional before reliance. The pipeline produces a strong first draft, not a finished deliverable without review.
Drop your documents
Upload any file type: CSV, Excel, PDF, screenshots, emails. AI parses and classifies each automatically.
AI executes the test
The AI follows your audit procedure step by step, testing each control attribute against the evidence provided.
Get a workpaper
Every conclusion is linked to specific evidence. One click generates a formatted, sign-off-ready workpaper with full evidence traceability.
| Module | AI Tools | Frameworks | Key Features |
|---|---|---|---|
| SOX & ICFR | 24 tools | PCAOB AS 2201 | Scoping, RCM, materiality, ITGC, deficiency classification |
| Internal Audit | 22 tools | IIA IPPF | Engagement planning, fieldwork, findings, board reporting |
| Risk & ERM | 23 tools | COSO ERM · ISO 31000 | Risk register, heat maps, KRIs, scenario analysis, board packs |
| Compliance | 16 tools | SOC 2 · GDPR · ISO 27001 · HIPAA · PCI | Gap assessments, policy drafting, certification campaigns |
| BCM & Resilience | 15 tools | ISO 22301 · NIST | BIA, recovery plans, tabletop exercises, crisis comms |
| Financial Intelligence | 15 tools | ASC 606 · GAAP | Benford's Law, JE review, reconciliation, going concern |
Guided Project Wizard: Every module has a guided step-by-step wizard (yellow banner at the top of the tools panel). Click it to get a structured workflow from planning through reporting.
Key SOX Tools
- Scoping & FSLI: Materiality calculation, FSLI identification, scope documentation
- RCM Builder: Risk and Control Matrix for any business process
- Control Testing: Test procedure design, population and sample guidance
- Deficiency Analyzer: CD / Significant Deficiency / Material Weakness classification
- ITGC Testing: User access, change management, backup, privileged access
- SoD Analyzer: Segregation of duties conflict identification
- IPE Assessment: Information Produced by Entity testing
- Y/Y Rollforward: Prior year programme rollforward
- SOX Certifications: Sub-certification management (/sox-certifications)
Risk Assessment Page (/risk-assessment)
A dedicated risk management workspace with:
- Risk Heat Map: Visual 5×5 likelihood × impact grid with your risks plotted as dots
- Risk Register: Full register with filtering by rating and status
- Risk by Category: Bar chart showing risk distribution across categories
- + Add Risk: Log any risk with full scoring, ownership and treatment status
Risk Module Tools (23)
- AI Tools (16): KRI Dashboard, Third-Party Risk, Emerging Risk Radar, Bow-Tie Analysis, Risk Heat Map Builder, COSO ERM Assessment, Risk Register Builder, Risk Scoring Model, Residual Risk Analyzer, Scenario Analysis, Risk Treatment Plan, KRI Designer, Board Risk Report, Regulatory Change Monitor, Cyber Risk Assessment, FAIR Cyber Risk Model
- Calculators (2): Monte Carlo Simulator, Risk Quantification Calculator
- Templates (3): ERM Framework Builder, Risk Appetite Tool, Risk Taxonomy Designer
- Workflow (2): Risk Review Workflow, Risk Committee Pack
Supported Frameworks
SOC 2 Type II · ISO 27001 · GDPR · HIPAA · PCI DSS v4.0 · CCPA · AML · ESG · NIST CSF · ISO 22301 · SOX · FedRAMP · DORA · and 12 more
Dashboard KPIs
- Total Controls: Controls in scope for the selected project
- Controls Tested %: Percentage of controls with completed test executions
- Open Exceptions: Active findings not yet remediated or closed
- High/Critical Risks: Risks rated High or Critical in the risk register
- Days to Completion: Set in project settings
Select a project from the dropdown to load live data. Click Refresh to update.
What's Logged
- Workpaper created, edited, submitted for review, approved, signed off
- Finding created, status changed, remediated, verified closed
- Control tested, result recorded
- Project created or modified
- AI Agent Pipeline output saved to engagement
Exporting the Audit Trail
Click "Export CSV" to download the complete audit trail. Filter by entity type, action, actor or date range before exporting to narrow the output. The CSV is suitable for external auditor review.
Immutable: Audit trail entries cannot be modified or deleted, not even by administrators. Every entry is timestamped and attributed to a specific user email.
Using the Calendar
- Select a project from the dropdown to load its deadlines
- Click + Add Deadline to log a new deadline with owner, category and reminder setting
- Colour coding: Red = overdue, Amber = due within 7 days, Blue = upcoming
- Upcoming Deadlines panel (right side): sorted list with days remaining
- Alerts: Red banner for overdue, amber banner for items due within 7 days
Workpaper Export
Click "Export PDF" on any workpaper. Generates a print-ready document with sign-off blocks, evidence references and all structured sections.
Findings Report
Click "Export Report" on the Findings page. Generates a formatted findings summary with severity ratings, status, recommendations and management responses.
Audit Trail CSV
Click "Export CSV" on the Audit Trail page. Complete immutable log suitable for external auditor review.
Print Any Page
Every page has a print button or is print-optimised. Use Cmd+P (Mac) or Ctrl+P (Windows) for a clean printed version.
Pre-configured Monitors
- User Access Review: SOX ITGC · Daily
- Journal Entry Anomalies: SOX Financial · Daily
- Change Management: SOX ITGC · Weekly
- Segregation of Duties: SOX Controls · Weekly
- Vendor Payment Anomalies: Fraud/AP · Daily
- Privileged Access Monitoring: Cybersecurity · Hourly
Click "+ Add Monitor" to create custom monitors. Click "▶ Run" to test on-demand.
How Cross Assurance Works
Describe your control
Go to /cross-assurance and describe the control you want to map, or select from your control library.
AI maps to all frameworks
The engine identifies every applicable clause, requirement or control objective across 25 frameworks that your control satisfies.
Calculate savings
See estimated audit hour savings from eliminating duplicate testing across frameworks. Typical savings: 40-60% of testing hours.
Key Settings
- Risk Scoring Scale: Choose 1-5, 1-10, RAG or High/Medium/Low
- Risk Appetite Statement: Board-approved statement used across all modules
- Materiality Settings: Basis, percentage, floor amounts
- Custom AI Prompts: Customise AI output for workpapers, findings and reports
- Notification Preferences: Email alerts for overdue findings, review requests, KRI breaches
- Integrations: Connect Jira, Slack, Azure AD, Okta, AWS, GitHub (/integrations)
Excel Add-in: Run AI-powered audit tests directly inside Microsoft Excel. Download from /excel-addin or the Microsoft AppSource. Select any data range, choose a test (JE review, Benford's Law, user access), and get PCAOB-compliant findings written back to your sheet.