We run the testing. You keep every signature.
We operate muratov.io end to end. On the managed line we run the ITGC testing workflow — sampling, evidence mapping, AI-assisted testing, exception triage, quality review — and produce the workpaper documentation. Your firm's licensed auditor reviews every AI determination, concludes, and signs. We are not a CPA firm, audit firm, or law firm, and we issue no opinion, assurance, or attestation.
muratov.io is built and operated by the same people who designed the platform. When you hand us an engagement, we run the workflow inside your dedicated tenant: we draw the sample, map the evidence, run the AI testing under full provenance, triage exceptions, and run quality review. Then your licensed auditor reviews every result, accepts or overrides it, and signs. The judgment is theirs; the operation is ours.
We would rather under-claim than over-claim, so a few things we say plainly, here, not in fine print: the AICPA AU-C 530 sample-size grid is implemented for the verified rows and we cross-check it before any engagement relies on it; we make no uptime SLA; we hold no certification or attestation and the platform is not compliance-audited against any framework; and while we can design and build custom audit-workflow platforms for other streams, no reference build beyond this ITGC platform has shipped yet. Everything is documented mechanics, described as what it is.
Nothing auto-finalizes. The judgment is yours.
- 32
- ITGC control templates control-templates.ts
- 80%
- minimum coverage to lock a control workflow-gates.ts
- 8·9
- steps per control WORKFLOW_STEP_COUNTS
- 3
- risk presets AICPA AU-C 530
Sign-off is gated: a control cannot lock until testing, quality-review acknowledgment, AI review, exception resolution, evidence, and the 80% coverage floor all clear. The managed line runs on real software, not a workpaper template.
What we operate
Population and reproducible, SHA-256-seeded sampling; evidence mapping; AI testing of every sample against every control attribute with stored model version, confidence, quoted excerpts, and rationale; exception triage; and automated quality review — all inside your dedicated, row-level-isolated tenant.
What stays yours
Every conclusion. Your licensed auditor accepts or overrides each AI determination before any control locks, signs the workpaper, and owns the professional judgment. We produce documentation; we do not issue opinions, assurance, or attestation — that authority stays with your firm.
We design and build custom audit-workflow platforms
ITGC is the proof of capability, not the limit of it. The same architecture that runs this line — SHA-256-seeded reproducible sampling, evidence-first AI under mandatory human review, enforced sign-off gates, an append-only audit trail, and database-level tenant isolation — can be directed at other audit and assurance streams, scoped to your methodology and evidence model.
This is a portfolio of engineering capability shown through working software — no outcome, certification, or compliance guarantee. Scope and the standards a stream must meet are defined together at the start of an engagement.
Scope a managed engagement, or a bespoke build
Tell us the stream, the standards your firm must satisfy, and the evidence you hold — or browse a real workpaper output first.