We run your ITGC testing. You keep every signature.
We operate the ITGC testing workflow on the platform and hand you a reviewer-ready workpaper plus evidence-testing package. Your licensed auditor reaches every conclusion and signs. We issue no audit opinion, assurance, or attestation — the professional judgment is yours.
You conclude and sign — we never issue an opinion. US-hosted; your data stays in your isolated tenant.
- 01
We operate the workflow
Sampling, evidence mapping, and AI testing run across your control population under our operation. Every AI determination carries the model used, a confidence score, evidence excerpts, and rationale.
- 02
We produce the package
A 13-section HTML workpaper (print-to-PDF in the browser for archive) plus two CSV side-exports — an Evidence Index with SHA-256 hashes and a Testing Results export.
- 03
You conclude and sign
Your licensed auditor reviews every AI result, accepts or overrides each determination, and signs. The platform blocks sign-off until every gate passes. We render no opinion, assurance, or attestation.
Scope, deliverables, and terms for each managed engagement are set in a written engagement letter before any work begins.
- 32
- ITGC control templates control-templates.ts
- 80%
- minimum coverage to lock a control workflow-gates.ts
- 8·9
- steps per control WORKFLOW_STEP_COUNTS
- 13
- section HTML workpaper + 2 CSV side-exports
Deterministic, SHA-256-seeded sampling means a drawn sample can be reconstructed from its stored seed. Quality review runs 6 control-level checks plus 29 per-sample data-integrity check types — self-approval, segregation-of-duties, post-termination activity, SLA-breach detection. Explore the platform →
A control cannot lock until every gate passes
Ten distinct named gates stand between a draft and a signed control. Hard blockers are separated from informational warnings; nothing auto-finalizes, and the auditor is always the authoritative gate.
- GATE 01Testing complete
- GATE 02Quality review run
- GATE 03Critical QC findings acknowledged
- GATE 04High QC findings acknowledged
- GATE 05All AI results reviewed
- GATE 06Every attribute tested
- GATE 07No rejected AI results outstanding
- GATE 08Exceptions closed or accepted
- GATE 09SLA-overdue critical/high exceptions resolved
- GATE 10Change-control traceability complete
Locked until every gate passes
Plus a 80% testing-coverage floor and a no-sample-without-evidence blocker. The auditor concludes and signs.
Nothing auto-finalizes. The judgment is yours.
Need this engineered for a different audit stream?
Two things we do: we operate ITGC testing for you as a managed service, and we design and build custom audit-workflow platforms for other audit or assurance-support streams. The methodology-enforcing ITGC platform on this site is our working reference build — the same architecture (workflow gates, deterministic reproducible sampling, evidence-first AI with mandatory human review, append-only audit trails, database-level tenant isolation) can be built for your stream.
We scope custom builds individually under a written engagement letter. We design and build the platform; we do not issue audit opinions, assurance, or attestation, and we make no compliance or certification guarantee. No reference build for another audit stream has shipped yet, and we guarantee no specific outcome.
Start with a conversation about your scope
Tell us about your ITGC scope or a custom audit-workflow you need built — or browse a sample workpaper the platform produces.