Discuss your ITGC scope.
Share your systems, timeline, and the control areas you need. We operate the testing workflow and produce the documentation; your licensed auditor reviews, concludes, and signs. We issue no audit opinion, assurance, or attestation — that authority stays with you.
Auditing a different stream? Ask us about a custom-built workflow platform of your own.
Send a message
We typically respond within 1–2 business days. Response times may vary.
By submitting, you agree we may use your information to respond to your inquiry per our Privacy notice.
What happens next
- Short scope call — confirm systems, control areas, and timeline
- Written proposal — deliverables, engagement model, and pricing
- Your tenant workspace is provisioned and access begins
Mutual NDA available on request as part of scoping. You control your own data lifecycle; a 30-day post-termination window to export your data and evidence, then a revoke-and-delete cadence per MSA Schedule B. See Security.
All project terms are defined by written agreement. See Legal & Privacy.
- 01
Scoped testing
We work from a library of 32 ITGC control templates spanning Access, Change, Operations, and Security; 8- or 9-step workflows from scoping/population through QC and auditor review. The controls in scope are defined per engagement.
- 02
Evidence-first AI, gated
Each sample is tested against each control attribute with confidence scoring and full provenance; missing evidence = INCONCLUSIVE, no guessing. Lock is blocked by multiple automated gates — AI review, QC acknowledgment, coverage.
- 03
A single workpaper
One HTML document: 13 numbered sections plus a legal-disclaimer preamble and a table of contents, with a CONFIDENTIAL watermark, plus two CSV side-exports — an Evidence Index (with SHA-256 hashes) and Testing Results.
We operate the workflow and produce the documentation. Your licensed auditor reviews every AI result, concludes, and signs. muratov.io issues no audit opinion, assurance, or attestation.
Managed engagement
For a sole-practitioner CPA or a single corporate IT auditor who wants the testing run for them. We operate the workflow and hand back the workpaper pack; you stay the sole concluding and signing auditor of record. Risk-tiered sampling is deterministic and reconstructable from a stored seed; every conclusion passes the automated sign-off gates before lock.
Custom build
Auditing a stream beyond ITGC? We also design and build custom audit-workflow platforms on the same tenant-isolated, append-only-audit architecture — reproducible sampling, evidence-first AI under mandatory human review, enforced sign-off gates. Scope and terms are defined entirely by written agreement.
No compliance claim, no assurance or outcome guarantee, no SLA.
| US | Vercel (iad1) hosting; primary customer data on Neon PostgreSQL in the US; evidence files in Vercel Blob via tenant-scoped paths |
|---|---|
| AI | Anthropic Claude (US); your data is not used to train models per Anthropic's commercial terms; 7-day API log retention |
| RLS | PostgreSQL row-level security with session-bound tenant context; cross-tenant reads blocked at the database engine |
| LIFE | Mutual NDA on request; a 30-day post-termination window to export your data and evidence, then revoke-and-delete per MSA Schedule B |
Eight named sub-processors deliver the platform; the authoritative per-customer list is MSA Schedule A. See Security and Sub-processors & privacy.