AI Features
AIIA embeds AI throughout the audit lifecycle — from planning assistance to evidence analysis, workpaper drafting, and continuous monitoring. All AI features operate under strict governance with RBAC enforcement, human approval gates, and full audit logging.
Architecture
AI Capabilities at a Glance
| Capability | Description | Where Used |
|---|---|---|
| AI Companion | Conversational assistant for audit questions and drafting | All modules |
| Evidence Summarization | Auto-summarize uploaded documents and evidence | Fieldwork |
| Narrative Drafting | Draft workpaper conclusions and report narratives | Fieldwork, Reporting |
| Historical Retrieval (RAG) | Search past audits, findings, and knowledge base | All modules |
| AI Diff Review | Intelligent comparison of document versions | Fieldwork |
| Data Agent | Natural language queries against audit data | Dashboards |
| Document Intelligence | Upload and analyze documents with AI extraction | Standalone |
| Agentic AI | Multi-step autonomous tasks with human approval | Advanced |
| KRI Wizard | AI-guided Key Risk Indicator creation | Monitoring |
| Risk Suggestion | AI recommends risks based on industry data | Universe |
| Scope Generation | AI drafts engagement scoping memos | Engagements |
| Finding Drafting | AI drafts CCCER components from test results | Findings |
Governance Principles
Every AI feature in AIIA follows these non-negotiable principles:
1. Suggestions Only — Never Automatic
AI outputs are always suggestions that require explicit human action to apply. No AI output is written to official records without human confirmation.
2. RBAC-Constrained
The AI respects the same RBAC rules as the user. It can only access data the user is authorized to see. Cross-role and cross-organization data leakage is prevented at the retrieval layer.
3. Fully Audited
Every AI interaction generates an AuditLogEvent with:
- User who requested the AI action
- Model and provider used
- Input prompt (sanitized)
- Output generated
- Whether the suggestion was accepted or rejected
- Confidence score
- Source citations
4. Citations Required
All AI outputs include source citations — links to the specific workpapers, findings, or documents that informed the response.
5. Confidence Scoring
Each AI suggestion includes a confidence score (0–100%) indicating how certain the AI is about its recommendation. Low-confidence suggestions are flagged for extra scrutiny.
Provider Configuration
AIIA supports multiple AI providers with hot-swappable configuration:
| Provider | Local | Cloud | Key Required |
|---|---|---|---|
| Ollama | ✅ | ❌ | ❌ |
| Gemini | ❌ | ✅ | ✅ |
| OpenAI | ❌ | ✅ | ✅ |
| Anthropic | ❌ | ✅ | ✅ |
| DeepSeek | ❌ | ✅ | ✅ |
| Custom | ✅ | ✅ | ✅ |
For on-premise or air-gapped deployments, use Ollama with locally downloaded models for full AI functionality without internet access.
See Provider Configuration for setup instructions.
Getting Started
- AI Companion: Chat interface and usage guide
- Evidence Summarization: Summarize documents
- Narrative Drafting: Draft workpapers and reports
- Historical Retrieval: Search past audits with RAG
- Data Agent: Natural language data queries
- Document Intelligence: Upload and analyze
- Agentic AI: Multi-step autonomous tasks
- Governance: RBAC, audit trails, and IPPF compliance
- Best Practices: Get the most from AI