Suite Overview
ARCHITECTURE Β· PURPOSE Β· KEY CONCEPTS
The Agentic AI Audit Suite is an enterprise-grade platform that uses a network of 10 specialized AI agents to automate and enhance IT audit procedures β specifically focused on IT General Controls (ITGC) and IT Application Controls (ITAC) testing for SOX compliance and beyond.
Instead of manually extracting data, writing test scripts, and formatting workpapers, you instruct agents in plain language, and they autonomously gather evidence, test controls, identify exceptions, and generate audit-ready reports β all while your data never leaves your environment.
Platform Architecture
// Agentic AI Audit Suite β System Architecture
Key Concepts
Autonomous Agents
Each agent is a specialized AI model trained for a specific audit task. They work independently and collaboratively under the Orchestrator's direction.
Orchestrator
The master coordinator that receives your instructions, breaks them into tasks, assigns them to the right agents, and synthesizes results.
Zero Exfiltration
All data processing happens within your secure environment. No audit data is ever sent to external servers or AI providers.
Parallel Execution
Multiple agents can run simultaneously on different test areas, dramatically cutting the time needed to complete a full audit cycle.
Getting Started
SETUP Β· LOGIN Β· FIRST AUDIT RUN
Follow these steps to get up and running with the Agentic AI Audit Suite for the first time. The entire setup process typically takes under 10 minutes.
Initial Setup
1
Access the Suite
Navigate to the Agentic AI Audit Suite URL provided by your administrator. The suite runs entirely in your browser β no installation required. Supported browsers: Chrome 100+, Firefox 100+, Edge 100+.
2
Log In with Your Credentials
Enter your enterprise email and password. In this static client-side build, SSO sign-in is not active. Use local credentials for demo/testing flows, then configure enterprise SSO only when connected to a backend identity provider.
3
Connect Your First Data Source
Go to Settings β Data Sources and click + Add Source. Choose from ERP systems, Active Directory, cloud environments, or file uploads. See the Data Connectivity section for full details on each connector type.
4
Select Your Audit Scope
On the main dashboard, click New Audit. Choose your audit type: ITGC, ITAC, SOX, or Cloud. Select the fiscal period, business units, and specific control domains you want to test.
5
Run Your First Agent Task
In the Orchestrator-style chat panel, type a plain-language instruction like: "Test all user access controls for the Finance module in SAP for Q4 2025". In static mode this is conceptual guidance and local assistant behavior; full orchestration requires a connected backend runtime.
6
Review Results & Export
Once agents complete their tasks, findings appear in the Results Dashboard. Review exceptions, approve workpapers, and export audit-ready reports in PDF, Excel, or your GRC tool's format.
Pro Tip β Plain Language Works Best
The Orchestrator is designed to understand natural audit terminology. Don't worry about exact syntax. Instructions like "Find all segregation of duties conflicts in the AP process" work perfectly.
Dashboard at a Glance
// Main Dashboard Layout
You're Ready!
Once you've completed setup, the dashboard is your control center. The green dots in the Agent Status panel confirm your agents are online and ready to receive tasks.
New Organization Rollout
LATEST FEATURES Β· DAY 0 TO GO-LIVE FLOW
This section is designed for first-time organizations adopting the suite. It explains what is new in v4.0 ENTERPRISE and the recommended operating flow from initial setup through audit sign-off.
What's New in the Latest Build
| Feature | What It Adds | Where To Use It |
|---|---|---|
| Compact App Switcher | Smaller floating navigation with responsive sizing to reduce overlap on smaller windows and dense dashboards. | Available on all suite pages via the lower-right switcher button. |
| Tap/Click App Switcher Toggle | Switcher now supports click/tap and keyboard toggle in addition to hover, improving usability on touch devices. | Use the switcher button on mobile/tablet or when hover behavior is unavailable. |
| UAT Console Guardrails | Prominent Admin/Developer-only warning to prevent unauthorized operational usage. | uat.html for controlled testing and release validation. |
| Evidence Vault Demo Continuity | Deterministic fallback rows ensure vault UI always renders meaningful records in static/demo mode. | vault.html for evidence traceability walkthroughs and demos. |
| ITGC/ITAC Stable Rendering | Table rendering now initializes reliably on load with consistent control IDs and filters. | itgc-controls.html and itac-testing.html. |
| Governance Demo Fallbacks | KPI and risk widgets populate with fallback values when backend feeds are unavailable. | governance.html for executive readiness and risk snapshots. |
Page-by-Page Functional Flow
| Page | Primary Use | What New Teams Should Do First |
|---|---|---|
index.html |
Suite entry point and orientation | Review advisory framing, then move to the Master Audit Suite using the App Switcher. |
app.html |
Main audit workspace and orchestration entry | Set your initial scope (process, period, domain) and run first pilot tasks. |
itgc-controls.html / itac-testing.html |
Control-level testing execution | Validate control population, filter by domain, and confirm evidence/test alignment. |
vault.html |
Evidence traceability and integrity view | Verify each high-risk finding has evidence lineage and review status progression. |
governance.html |
Executive KPIs, risks, and oversight | Use weekly governance reviews to prioritize remediation and ownership. |
reports.html |
Management and audit reporting outputs | Generate stakeholder packs and confirm message consistency with governance priorities. |
settings.html |
Configuration and data source administration | Finalize source access, refresh cadence, and environment-level controls. |
uat.html |
Controlled UAT and release validation | Run pre-release checks with admin/dev users before broad rollout. |
help.html |
Operating model, standards, troubleshooting | Use this page as the onboarding source of truth for all new users. |
Role-Based First-Week Checklist
| Role | Week 1 Priorities | Success Criteria |
|---|---|---|
| Platform Admin | Configure users/roles, validate data connectors, finalize environment settings. | All core users onboarded and source connections tested successfully. |
| Audit Manager | Define pilot scope, assign reviewers, set risk thresholds and escalation paths. | Pilot control set approved with clear review cadence and owners. |
| Auditor | Execute ITGC/ITAC tests, validate evidence, triage findings for remediation. | Initial test cycle completed with documented rationale and next actions. |
| Risk/Compliance Lead | Review governance risk posture, challenge ratings, and confirm remediation SLAs. | Top-risk backlog prioritized with accountable owners and timelines. |
| Executive Stakeholder | Review dashboard narrative, sign off operating rhythm, approve reporting format. | Agreement on monthly/quarterly reporting pack and decision checkpoints. |
Recommended End-to-End Flow for a New Organization
1
Foundation and Access Setup
Confirm deployment environment, create role-based users (Admin, Manager, Auditor), and validate local authentication or your planned identity integration.
2
Data Source Onboarding
Connect read-only ERP/Directory/Cloud sources, run test connections, and define scoped datasets for initial pilot periods.
3
Control Library Baseline
Review ITGC and ITAC control sets, map domains, and align test procedures to your internal policy and SOX control inventory.
4
Pilot Execution (2-4 Weeks)
Run a pilot in one business unit, review exceptions in governance and reports, and calibrate thresholds, sampling, and remediation routing.
5
Operational Rollout
Expand to additional entities/processes, enable recurring run cadence, and use the vault to preserve evidence lineage for audit review.
6
Executive and External Reporting
Publish management-ready reports, issue trackers, and SOX-ready documentation packs for internal stakeholders and external auditors.
Suggested Operating Rhythm
Weekly: run high-risk controls and review exceptions. Monthly: governance/risk review and remediation follow-up. Quarterly: full reporting pack with SOX mapping and evidence completeness checks.
End User Playbook
DAILY USAGE Β· TEAM HANDOFFS Β· DECISION FLOW
This playbook is written for end users who need to run audits, investigate findings, and communicate outcomes. It focuses on practical actions by page, by role, and by time horizon.
First 30 Minutes for a New User
1
Open Settings and Validate Connectors
Go to
settings.html and configure at least one source (ERP, ITSM, cloud, or SFTP) using read-only credentials, then run Test Connection.2
Define Scope in the Master Audit Suite
Move to
app.html and choose period, process/domain, and pilot boundary before launching work.3
Run ITGC and ITAC Validation Passes
Use
itgc-controls.html and itac-testing.html to validate control rendering, test outputs, and exception visibility.4
Cross-Check Evidence in Vault
Open
vault.html and verify evidence lineage for material findings (status, timestamp, and record continuity).5
Prepare Governance and Reporting Pack
Use
governance.html for risk posture and reports.html for management-ready output and handoff.Operational Flow by Cadence
| Cadence | Core Activities | Pages | Primary Owner |
|---|---|---|---|
| Daily | Review connector health, run scoped tests, triage new exceptions, attach/verify evidence. | settings.html, app.html, itgc-controls.html, itac-testing.html, vault.html |
Auditor / Analyst |
| Weekly | Reassess risk priority, remediation progress, overdue actions, and high-impact findings. | governance.html, reports.html |
Audit Manager / Risk Lead |
| Monthly | Publish leadership report pack, update control strategy, and confirm scope for next cycle. | reports.html, help.html, settings.html |
Audit Manager / Executive Sponsor |
| Quarterly | Perform full SOX/ICFR readiness review, evidence completeness check, and UAT release validation. | governance.html, reports.html, vault.html, uat.html |
Program Owner + Admin/Dev |
Decision Guide for End Users
| If You Need To... | Start Here | Then Go To | Expected Outcome |
|---|---|---|---|
| Connect a new ERP or platform | settings.html Data Sources |
app.html pilot run setup |
Connector marked connected and available for test workflows. |
| Validate a high-risk control failure | itgc-controls.html or itac-testing.html |
vault.html evidence verification |
Confirmed exception with traceable evidence and next action owner. |
| Brief leadership on risk posture | governance.html |
reports.html export package |
Aligned narrative from KPI to action plan and report output. |
| Prepare for release/UAT signoff | uat.html (Admin/Developer only) |
help.html troubleshooting and controls reference |
Release readiness checklist completed with known issues tracked. |
End-User Guardrail
Treat outputs as advisory decision support. Final conclusions, attestation language, and external reporting must be reviewed and approved by qualified audit professionals.
The 10 AI Agents
ROLES Β· INPUTS Β· OUTPUTS Β· HOW TO USE
The suite includes 10 specialized AI agents, each built for a distinct audit function. You don't need to invoke agents directly β the Orchestrator does this automatically based on your instructions. However, understanding each agent helps you give better instructions and interpret results.
| Agent | Primary Role | Key Inputs | Key Outputs | Domain |
|---|---|---|---|---|
| 01 β Evidence Collector π | Autonomously gathers audit evidence from connected data sources β screenshots, logs, reports, exports | Data source credentials, control descriptions, date ranges | Evidence packages, timestamps, source metadata | ITGC |
| 02 β Control Tester βοΈ | Executes predefined and custom test scripts against controls, evaluates pass/fail criteria, documents rationale | Control framework, sample data, test criteria | Test results matrix, pass/fail counts, confidence scores | ITGC |
| 03 β Exception Analyzer β οΈ | Deep-dives into failed tests; determines root cause, business impact, risk level, and recommends remediation | Test failures, control metadata, system logs | Exception reports, risk ratings, remediation recommendations | ITGC ITAC |
| 04 β Workpaper Drafter π | Auto-generates audit workpapers in your firm's format with all required fields populated and evidence linked | Test results, evidence files, control descriptions | Formatted workpapers (Word/PDF), evidence cross-references | Both |
| 05 β SOX Mapper πΊοΈ | Maps controls and test results to COSO framework, SOX 302/404 requirements, and financial statement line items | Controls inventory, FSLI mapping table, risk matrix | SOX control matrix, FSLI linkages, COSO alignment report | SOX |
| 06 β AWS Cloud Auditor βοΈ | Scans AWS environments for security misconfigurations, policy violations, and compliance gaps against CIS/NIST | AWS account access (read-only), CloudTrail logs, Config snapshots | Cloud security findings, compliance scorecard, remediation priorities | Cloud |
| 07 β Access Review Agent π | Analyzes user access rights, identifies SoD conflicts, excess privileges, orphaned accounts, and toxic combinations | AD exports, ERP role assignments, HR termination data | SoD conflict matrix, access certification report, orphaned accounts list | ITAC |
| 08 β Change Mgmt Agent π | Reviews change tickets, validates proper approvals, segregation, testing evidence, and unauthorized changes | ITSM exports (ServiceNow/JIRA), change logs, approver matrices | Unauthorized change list, approval gap analysis, change frequency report | ITGC |
| 09 β Risk Scorer π | Aggregates findings across all agents, applies risk scoring model, prioritizes issues by impact and likelihood | All agent findings, business impact data, prior year issues | Risk heat map, top-10 issues list, overall audit risk score | Both |
| 10 β Report Generator π | Compiles the final audit report with executive summary, detailed findings, management responses, and action plans | All findings, management responses, remediation deadlines | Audit report (PDF/Word), management letter, issue tracker export | Both |
ITGC Agents: Agents 01, 02, 03, 05, and 08 are primarily focused on IT General Controls β access, change management, operations, and program development.
| Agent | ITGC Domain | Typical Test |
|---|---|---|
| 01 β Evidence Collector | All ITGC domains | "Collect 25 change tickets from ServiceNow for Q3 with all approval fields" |
| 02 β Control Tester | Access, Change, Operations | "Test that all production changes have documented approvals and testing evidence" |
| 03 β Exception Analyzer | All domains | "Analyze the 12 failed change tests and determine root cause for each" |
| 05 β SOX Mapper | SOX 404, COSO | "Map ITGC results to SOX financial statement risk areas" |
| 08 β Change Mgmt Agent | Program Change | "Review all emergency changes in Q4 for proper post-implementation approval" |
ITAC Agents: Agents 07 and parts of 02, 03 focus on application-level controls β input validation, interface controls, processing controls, and access within specific applications.
| Agent | ITAC Domain | Typical Test |
|---|---|---|
| 07 β Access Review Agent | Logical Access, SoD | "Identify all SAP users with both create PO and approve PO access" |
| 02 β Control Tester | Input/Processing Controls | "Test that duplicate invoice controls are functioning in Oracle AP module" |
| 03 β Exception Analyzer | Processing exceptions | "Analyze all transactions that bypassed three-way match controls" |
Support Agents: Agents 04, 09, and 10 provide cross-cutting capabilities β documentation, risk aggregation, and reporting β serving both ITGC and ITAC workstreams.
| Agent | Function | When It Runs |
|---|---|---|
| 04 β Workpaper Drafter | Automated documentation | After each control test is completed |
| 09 β Risk Scorer | Aggregated risk prioritization | After all test agents complete; before final report |
| 10 β Report Generator | Final report compilation | On-demand or after full audit cycle completion |
ITGC Testing
IT GENERAL CONTROLS Β· WORKFLOW Β· DOMAINS
IT General Controls (ITGCs) are foundational controls that underpin all application controls. They operate at the infrastructure and IT management level. A weakness in ITGCs can undermine the reliability of every application control built on top.
The suite tests four primary ITGC domains: Logical Access, Change Management, Computer Operations, and Program Development.
ITGC Testing Workflow
// ITGC Testing End-to-End Workflow
ITGC Domain Deep Dive
Logical Access Controls
Tests user provisioning/deprovisioning, privileged access management, password policy enforcement, and quarterly access reviews. Agents pull Active Directory exports and ERP user lists automatically.
Change Management
Validates that all production changes are authorized, tested, and approved. Tests emergency change procedures, segregation of change initiator/approver, and post-implementation review.
Computer Operations
Reviews batch job scheduling, job failure monitoring, backup and recovery procedures, data center physical security logs, and capacity management practices.
Program Development
Assesses SDLC controls including requirements documentation, testing phases (unit, UAT), go-live authorization, and segregation of developer/production access.
How to Run an ITGC Test
// Example Orchestrator instructions for ITGC testing
// Access Controls
"Test user access controls for SAP Finance module. Sample 25 users,
verify active employment status, check for SoD conflicts, and
confirm quarterly review completion for Q4 2025."
// Change Management
"Review all production changes in ServiceNow from Oct-Dec 2025.
Flag any changes without documented approval, testing evidence,
or that were implemented by the same person who requested them."
// Computer Operations
"Collect evidence of backup procedures for the Oracle database.
Verify backup testing occurred monthly and document any failures."
ITAC Testing
APPLICATION CONTROLS Β· TYPES Β· TESTING APPROACH
IT Application Controls (ITACs) are automated controls embedded within specific software applications. They ensure the completeness, accuracy, validity, and integrity of transactions processed by those applications.
Unlike ITGCs which are general, ITACs are application-specific β they're tested within the context of a particular system (e.g., SAP, Oracle, Workday) and a particular business process (e.g., Accounts Payable, Payroll, Revenue).
ITAC Control Types
| Control Type | What It Does | Example | How Agents Test It |
|---|---|---|---|
| Input Controls | Validate data entered into the system is accurate and complete | Mandatory fields, data format validation, range checks | Agent 02 attempts invalid inputs and confirms rejections are logged |
| Processing Controls | Ensure transactions are processed completely and accurately | Three-way match in AP, calculation accuracy in payroll | Agent 02 traces sample transactions end-to-end through the system |
| Output Controls | Verify that system outputs are complete, accurate, and distributed to the right people | Report distribution lists, output reconciliation | Agent 01 collects output logs; Agent 02 reconciles to input totals |
| Interface Controls | Ensure data transferred between systems is complete and accurate | ERP to data warehouse reconciliation, payroll system integration | Agent 01 extracts interface logs; Agent 02 performs completeness check |
| Access Controls (App-level) | Restrict access to application functions based on job role | Payment approval limits, GL journal entry restrictions | Agent 07 maps user roles to functions and tests SoD conflicts |
Important: ITAC Reliance on ITGC
You can only rely on ITAC results if the underlying ITGCs are effective. If ITGCs fail (e.g., unauthorized access to application configuration), ITACs may be compromised. The suite automatically flags this dependency in the Risk Scorer output.
ITAC Testing Workflow
// ITAC Assessment Flow β Key Decision Points
Data Connectivity
CONNECTING SOURCES Β· SUPPORTED SYSTEMS Β· SECURITY
The suite connects to your existing systems to automatically pull audit evidence. All connections use read-only access β agents can never write, modify, or delete data in source systems. Data is processed in-memory within your environment and is never stored on external servers.
Supported Data Sources
| Source Type | Systems Supported | Auth Method | What's Pulled |
|---|---|---|---|
| ERP Systems | SAP, Oracle E-Business Suite, Workday, NetSuite, Dynamics 365 | Service Account / OAuth | User roles, transaction logs, journal entries, approval workflows |
| Identity & Access | Active Directory, Azure AD, Okta, Ping Identity | LDAP / OAuth 2.0 | User accounts, group memberships, last login, disabled accounts |
| ITSM / Ticketing | ServiceNow, JIRA, Remedy, Freshservice | API Key / OAuth | Change tickets, incident records, approvals, timestamps |
| Cloud Platforms | AWS, Azure, GCP | Read-only IAM Role | CloudTrail, Config snapshots, IAM policies, security groups |
| Databases | SQL Server, Oracle DB, PostgreSQL, MySQL | Read-only SQL User | Custom queries, table extracts, audit log tables |
| File Uploads | CSV, Excel, PDF, JSON | Direct Upload | Any structured data you provide manually |
| HR Systems | Workday, SuccessFactors, UKG | API Key | Employee roster, hire/term dates, department assignments |
Adding a Data Source (Step-by-Step)
1
Go to Settings β Data Sources
Click the gear icon in the left navigation, then select "Data Sources" from the settings menu.
2
Click "+ Add Source" and Choose Type
Select your system type from the dropdown. The form will auto-configure to ask for the right credentials for that system type.
3
Enter Connection Details
Provide the hostname/URL, port, and authentication credentials. For cloud systems, you'll paste a read-only API key or assume a role ARN. All credentials are encrypted at rest using AES-256.
4
Test Connection
Click "Test Connection". The suite will attempt to authenticate and verify read access. A green checkmark means you're connected. Red means check your credentials or network firewall rules.
5
Configure Sync Schedule (Optional)
Set up automatic data refreshes (hourly, daily, or on-demand). For audit evidence, we recommend "on-demand" to capture point-in-time snapshots for each audit run.
Always Use Read-Only Accounts
Never use admin or write-enabled accounts for data source connections. Create dedicated service accounts with minimum required read permissions. This is both a security best practice and an audit independence requirement.
Security & Privacy
ZERO EXFILTRATION Β· ENCRYPTION Β· ACCESS CONTROLS
Security and data privacy are the foundational design principles of this suite. Given that it handles sensitive financial and operational data, the architecture is built around a Zero Trust, Zero Exfiltration model.
Zero Data Exfiltration β How It Works
// Zero Exfiltration Architecture β Data Never Leaves Your Environment
Security Feature Summary
| Security Feature | Implementation | Benefit |
|---|---|---|
| Zero Data Exfiltration | All agent processing runs locally; no data sent to external AI APIs | Audit data stays within your compliance boundary |
| Encryption at Rest | AES-256 for all stored configurations and credentials | Credentials safe even if storage is compromised |
| Encryption in Transit | TLS 1.3 for all internal and external communications | Data cannot be intercepted in transit |
| Read-Only Data Access | Agents have read-only permissions to all source systems | No risk of accidental data modification |
| Role-Based Access Control | Admin, Manager, Auditor, Read-Only roles with granular permissions | Users see only what their role allows |
| Full Audit Trail | Every agent action, data access, and user change is logged immutably | Complete accountability and forensic capability |
| MFA Support | TOTP, hardware keys, SSO integration supported | Protects against credential theft |
Reports & Exports
GENERATING Β· FORMATS Β· CUSTOMIZATION
The suite generates audit-ready reports automatically. The Report Generator agent (Agent 10) compiles all findings from every other agent and structures them into professional documentation with executive summaries, detailed findings, evidence cross-references, and management action plans.
Report Types
Full Audit Report
Complete formal report with executive summary, scope, methodology, findings by risk rating, management responses, and appendices. Available in PDF and Word.
Workpapers
Individual control workpapers with test procedures, samples selected, results, and auditor sign-off fields. Structured to meet your firm's workpaper standards.
Exception Tracker
Excel/CSV export of all exceptions with risk ratings, responsible owners, remediation deadlines, and status. Can be imported into GRC tools.
SOX Control Matrix
Control-to-FSLI mapping with test results, effective/ineffective designations, and COSO alignment. Required for 404 reporting.
Risk Heat Map
Visual dashboard showing control effectiveness plotted by impact and likelihood. Helps management prioritize remediation efforts.
Management Letter
Concise formal communication to senior management summarizing significant deficiencies and material weaknesses with recommended remediation actions.
Exporting Reports
1
Navigate to Reports in the Left Menu
Click "π Reports" in the navigation sidebar to see all generated and draft reports.
2
Select Report and Click "Generate" or "Export"
For a new report, click "Generate Report" and select your audit scope. For an existing draft, click "Export" and choose your format.
3
Choose Format and Customize
Select PDF, Word (DOCX), Excel, or CSV. You can toggle sections on/off β e.g., exclude appendices for an executive summary version. Apply your company's letterhead template if configured.
4
Download or Send for Review
Download directly, or use the "Send for Review" feature to route the report through your firm's approval workflow before finalization.
SOX Compliance
MAPPING Β· COSO Β· 302/404 SUPPORT
The suite is purpose-built for Sarbanes-Oxley (SOX) compliance. The SOX Mapper agent (Agent 05) automatically links your controls and test results to the COSO Internal Control framework and SOX Section 302/404 requirements, creating the documentation required for external auditor reliance and management's annual assessment.
SOX 404 Process Support
| SOX 404 Activity | How the Suite Helps | Agent(s) Involved |
|---|---|---|
| Scoping & Risk Assessment | Automatic FSLI mapping, materiality calculation, significant account identification | Agent 05, Agent 09 |
| Controls Inventory | Maintains living inventory linked to COSO components and SOX assertions | Agent 05 |
| Design Effectiveness | Reviews control design against best practices; flags design gaps | Agent 02, Agent 05 |
| Operating Effectiveness | Tests controls over the period; generates test workpapers with evidence | Agents 01β04 |
| Deficiency Classification | Auto-classifies deficiencies as Control Deficiency / Significant Deficiency / Material Weakness | Agent 03, Agent 09 |
| Management Assessment | Generates management assertion documentation and supports CEO/CFO 302 certifications | Agent 10 |
| External Auditor Package | Produces organized evidence package with all workpapers, samples, and results for external review | Agent 10 |
COSO Framework Alignment
The suite maps controls to all five COSO components: Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring Activities β ensuring your documentation meets external auditor expectations.
AWS Cloud Audit
CLOUD SECURITY Β· CIS BENCHMARKS Β· IAM REVIEW
The AWS Cloud Auditor agent (Agent 06) performs a comprehensive security assessment of your AWS environment. It requires only a read-only IAM role and automatically scans across services for misconfigurations, policy violations, and compliance gaps against CIS AWS Benchmark and NIST standards.
What AWS Agent 06 Checks
IAM Policy Review
Identifies overly permissive policies, unused roles, access keys older than 90 days, root account usage, and missing MFA enforcement.
S3 Security
Checks for public buckets, missing encryption, versioning disabled, and CloudTrail logging gaps. Flags buckets with sensitive naming patterns.
Network Controls
Reviews Security Groups for overly permissive inbound rules (0.0.0.0/0), VPC flow log enablement, and public subnet placement of sensitive resources.
CloudTrail & Logging
Verifies CloudTrail is enabled in all regions, log file validation is on, and S3 bucket access logging is configured for critical data stores.
GuardDuty & Config
Confirms AWS GuardDuty and AWS Config are enabled; reviews Config rules for compliance posture and remediation actions on findings.
Data Encryption
Checks EBS volume encryption, RDS encryption at rest, and KMS key rotation policies. Flags unencrypted snapshots and backups.
Setting Up AWS Read-Only Access
// Step 1: Create a read-only IAM role in AWS
// Attach these managed policies:
SecurityAudit // Broad read access to security-relevant configurations
ReadOnlyAccess // General read access across services
IAMReadOnlyAccess // Read IAM users, roles, policies
// Step 2: Configure trust policy to allow suite to assume the role
{
"Effect": "Allow",
"Principal": { "AWS": "arn:aws:iam::YOUR_ACCOUNT:root" },
"Action": "sts:AssumeRole"
}
// Step 3: Enter the Role ARN in Data Sources β AWS
// The suite uses STS to assume the role temporarily (1 hour sessions)
Autonomous Monitoring Operations
ZERO-FRICTION INGESTION Β· XAI TRUST Β· SWARM ALERTING Β· REMEDIATION CLOSURE
This section defines the recommended industrial operating model for production teams using the current portal pages. The suite is now optimized for continuous monitoring, not one-off manual upload/testing.
Portal Page Responsibilities
| Page | Primary Operator | Core Responsibility | Frequency |
|---|---|---|---|
app.html | Audit Analyst | Semantic ingestion, Data Integrity Scorecard, logic trace review with triggered T-Code(s) and Policy Rule, swarm-aware triage | Daily / per intake batch |
governance.html | Control Owner + Internal Audit | Assign remediation, generate mitigation plan, capture management response, closure tracking | Daily status + weekly governance cadence |
vault.html | Audit Manager / QA | Verify All cryptographic checks, forensic integrity certificate, remediation lifecycle evidence | Daily + pre-committee reporting |
reports.html | Audit Lead | Residual risk heatmap and external read-only package distribution | Weekly / month-end / quarter-end |
Operating Workflow (End-User View)
- Open
app.htmland upload raw ERP extracts (including SAP technical headers likeMANDT,BNAME,AGR_NAME,USNAM). - Review the Data Integrity Scorecard before scan: missing values, duplicates, and date consistency are shown prior to execution.
- Run agents and use Logic Trace on each exception to validate if-then reasoning, including the exact triggered T-Code(s) and Policy Rule.
- If ITGC leaver-access alerts are present, monitor swarm alerts and the P1 marker in JE findings so post-termination journal review is automatically prioritized.
- Move to
governance.htmland generate a mitigation plan per finding; assign owner, due date, response, and actual closure date. - Open
vault.html, click Verify All, and archive the generated forensic integrity certificate with remediation lifecycle records.
Auditor Trust Controls Checklist
Explainability
Every material exception must include Logic Trace output, triggered T-Code(s), triggered Policy Rule, and technical justification before escalation.
Cross-Agent Corroboration
Leaver alerts from Logical Access trigger JE Forensics review automatically through shared context memory and elevate matched JE exceptions to P1 priority.
Actionability
Mitigation plans must be generated and management responses captured, with closure date evidence logged in vault.
Integrity Assurance
Run Verify All daily and preserve forensic integrity certificate exports in audit workpapers.
Documentation Hub
END-TO-END USER + ORGANIZATION REFERENCE
This hub consolidates the complete operational documentation for the current portal state. It is written for both end users and organization-level owners (Audit Managers, Risk Leads, Compliance, Admin/DevOps).
Use this section when onboarding teams, defining responsibilities, validating operating rhythm, or preparing evidence and reporting packs across the full audit lifecycle.
Complete Docs Pack (Current Build)
| Document | Purpose | Primary Audience | When To Use |
|---|---|---|---|
| MASTER_HANDBOOK.md | Single consolidated handbook from onboarding through operations, governance, and signoff. | Executives, Audit Leadership, Program Owners | Primary reference for enterprise rollout, operating rhythm, and final cycle approvals. |
| PORTAL_END_TO_END_GUIDE.md | Complete walkthrough of all pages, controls, handoffs, and expected outcomes. | End users, Audit Operations | Day-0 onboarding and first pilot cycles. |
| ORGANIZATION_OPERATING_MODEL.md | Operating model, RACI, governance cadence, and ownership boundaries. | Audit Managers, Executives, PMO | Program rollout and quarterly governance reviews. |
| PAGE_FLOW_REFERENCE.md | Page-by-page functional map with user actions, inputs, and outputs. | All business users | Daily operation and training. |
| API_DATAFLOW_REFERENCE.md | Frontend-to-API dataflow, fallback behavior, and endpoint mapping. | Admin, Engineering, QA | Troubleshooting, release validation, integration planning. |
| ROLE_BASED_SOPS.md | Role-specific SOP checklists for admins, auditors, managers, compliance, and executives. | All role owners | Daily/weekly execution and handoff quality control. |
| READINESS_TEMPLATES.md | Day-0, Day-30, and Quarterly readiness templates and exit criteria. | Program leads, PMO | Onboarding, stabilization, and periodic assurance reviews. |
| ACCEPTANCE_CRITERIA_MATRIX.md | Signoff-ready acceptance matrix for go/no-go and operating controls. | Audit leadership, executives | Release gates, cycle signoffs, and governance checkpoints. |
| OPERATIONS_RUNBOOK.md | Runtime operations, deploy checks, and service-level procedures. | Platform Ops, SRE | Deployment, maintenance, incident prevention. |
| INCIDENT_RESPONSE_SOP.md | Severity triage, containment, recovery, and post-incident process. | Security/Ops | Service disruption or security incidents. |
| SSO_CLAIM_MAPPING.md | Enterprise claim-to-role mapping operations and validation. | Identity Admins | IdP onboarding and access model updates. |
| COMPLIANCE_EVIDENCE_PACK.md | Compliance artifact generation, manifest/checksum verification. | Audit, Compliance, External Review | Audit cycles, control attestation, external review prep. |
End-to-End Lifecycle (Organization View)
1
Plan Scope and Ownership
Define entities, processes, controls, and role responsibilities before execution begins.
2
Connect Sources and Validate Inputs
Use Settings and control pages to confirm source integrity and run readiness.
3
Execute ITGC/ITAC Flows
Run testing cycles, capture exceptions, and validate supporting evidence lineage.
4
Governance and Risk Prioritization
Translate findings into owner-assigned remediation with SLA and escalation paths.
5
Reporting and Assurance Pack
Generate management outputs and evidence bundles for internal and external stakeholders.
6
UAT and Continuous Improvement
Use UAT guardrails and feedback loops to improve controls, data quality, and reporting fidelity.
Recommended Team Usage
Keep this Help page as the quick operational guide, and use the linked docs for deep-reference procedures, ownership definitions, and audit cycle readiness checks.
Troubleshooting
COMMON ISSUES Β· ERROR CODES Β· SOLUTIONS
| Issue | Likely Cause | Solution | Severity |
|---|---|---|---|
| Data source connection fails | Incorrect credentials, firewall blocking the connection, or service account locked | Verify credentials, check firewall rules allow the suite's IP, unlock the service account in AD | Medium |
| Agent stuck in "Running" state | Large dataset taking longer than expected, or agent encountered an unhandled exception | Wait 5 minutes; if still stuck, click "Cancel Task" and retry with a narrower date range or sample size | Low |
| No results returned for a test | Query returned empty set β no matching data in the selected period, or incorrect scope configuration | Verify the date range and system scope are correct; check that the data source is returning data | Low |
| AWS scan showing permission errors | IAM role missing required read permissions for certain services | Attach SecurityAudit managed policy to the IAM role; verify STS AssumeRole trust policy is configured | Medium |
| Report export fails or is blank | No completed test results to include, or a browser timeout during large report generation | Ensure at least one test is in "Complete" status; try the PDF export on a stable network connection | Low |
| SOX mapping not showing | FSLI mapping table has not been configured for your company | Go to Settings β SOX Configuration and upload your FSLI/control mapping file | Medium |
| Login fails with SSO | SSO provider metadata out of date, or user not provisioned in the SSO group | Contact your IT admin to verify SSO group membership and refresh the SAML metadata in Settings | High |
| Exception count seems wrong | Agent may have counted duplicates across overlapping test runs, or threshold settings differ | Review the Exception Detail view and use the deduplication toggle; verify your exception threshold settings | Low |
Enable Debug Logging
To get detailed error information, go to Settings β Advanced β Enable Debug Logging. This records verbose agent activity to help diagnose unusual behavior. Remember to disable after troubleshooting to avoid performance impact.
Keyboard Shortcuts
| Shortcut | Action |
|---|---|
| Ctrl + K | Open Orchestrator command palette |
| Ctrl + R | Refresh current agent results |
| Ctrl + E | Quick export current view |
| Ctrl + / | Toggle sidebar navigation |
| Ctrl + N | Start new audit |
| Esc | Cancel running agent / close modal |
Frequently Asked Questions
COMMON QUESTIONS Β· QUICK ANSWERS
Does the suite use my data to train AI models?
No. Your audit data is never used for AI training. The AI models used by the agents are pre-trained and run in your local environment. No data is sent externally for inference or training purposes. The zero exfiltration guarantee means your data stays within your compliance boundary at all times.
Can I customize the test procedures for each agent?
Yes. Every agent has a configurable test procedure library. Go to Settings β Test Procedures and you can edit existing test scripts, add custom tests, modify pass/fail criteria, and adjust sample sizes. You can also save custom templates for reuse across audit cycles.
How accurate are the agent-generated test results?
Accuracy depends on the quality of your data source connections and the configuration of test criteria. For structured data (user access lists, change tickets), agents achieve high accuracy. The suite is designed to surface results for human auditor review β not to replace professional judgment. All outputs should be reviewed and approved by a qualified auditor before inclusion in formal workpapers.
Can multiple auditors use the suite simultaneously?
Yes. The suite supports multi-user concurrent access. Each user has their own workspace, and audit projects can be shared across team members with role-based permissions. Agents can run parallel tasks for different team members simultaneously without interference.
Does the suite support non-SOX frameworks like ISO 27001, SOC 2, or HIPAA?
While the suite is optimized for SOX, many features β particularly ITGC testing, access reviews, change management testing, and cloud auditing β are directly applicable to ISO 27001, SOC 2 Type II, HIPAA, and PCI DSS audits. Framework mapping for these standards is on the product roadmap.
How do I handle a situation where the Orchestrator misunderstands my instruction?
The Orchestrator-style assistant will ask for clarification if it's uncertain. If it proceeds with an incorrect interpretation, you can type "Stop" or press Esc to halt the task. Then rephrase your instruction with more specificity β include the system name, time period, control domain, and any specific criteria. For example, instead of "check access", try "Review all active SAP FI module user accounts as of December 31, 2025 and flag anyone with both posting and approval access." In static mode, this remains advisory and does not trigger backend automation jobs.
Can I schedule recurring audits to run automatically?
Scheduled recurring audits require backend orchestration services. In this static client-side build, you can run audits manually and export evidence, but background scheduling is not active until connected to an enterprise backend deployment.
What happens to the audit evidence after the engagement closes?
Audit evidence is retained within your environment according to your configured retention policy (default: 7 years). You can archive closed engagements to cold storage, export full evidence packages for your document management system, or securely delete specific items. Retention policies can be configured at Settings β Data Retention.