ITGC testing with built-in methodology — evidence‑first, reviewer‑ready
I help audit teams and CFO orgs get defensible ITGC results. Structured testing, purpose-built tooling, and workpapers that reviewers can trust without reverse-engineering the logic.
ITGC Factory — purpose-built, not spreadsheets
A platform I designed and developed to enforce methodology and produce consistent, reviewer-ready output.
- 26 control templates (Access, Change, IT Ops, Security)
- AICPA/PCAOB-aligned sampling (seeded, reproducible)
- 7-point sign-off validation
- 13-section export with per-section standards references
Evidence-First AI
AI assists testing but never concludes without evidence. Every result ties back to source documents.
- 3-layer extraction: raw text + record-level facts + excerpts
- Category-specific confidence thresholds
- Mandatory auditor review for all AI results
AI-assisted results are probabilistic and subject to inherent limitations. All AI outputs require professional review before reliance.
- 1Population
- 2Sampling
- 3Evidence
- 4Testing
- 5Exceptions
- 6QC
- 7Review
- 8Export
Data handling with clear boundaries
Evidence stays where you want it. NDA-ready. Default minimal retention.
Trust principles
Four commitments that define how client data is handled on every engagement.
- Least data — only what's required for agreed tests
- Client-controlled storage — evidence remains in your tenant
- Minimal retention — default no long-term retention unless agreed
- Traceability — conclusions tie back to evidence and criteria
Technical edge
Reproducible results — same inputs produce the same workpaper every time. Reviewer-ready conclusions that trace back to evidence and criteria. Exception-focused reporting with severity and remediation documentation. Built on TypeScript, Next.js, and PostgreSQL with full audit trails.
How engagements run
Scope call → proposal with deliverables and day rate → execution with review checkpoints → reviewer-ready pack.