Upload & Manage Evidence
Evidence files are the documentary proof supporting audit work. AIIA enforces a strict chain-of-custody for all evidence — every file is hashed, scanned, timestamped, and linked to the uploader — ensuring integrity throughout the evidence lifecycle.
Evidence Chain of Custody
When an evidence file is uploaded to AIIA, the system automatically:
- Computes a SHA-256 hash (hash_sha256) — for tamper detection
- Scans for viruses (scan_status: PENDING → CLEAN or INFECTED)
- Records the uploader (uploaded_by_id) — who uploaded the file
- Timestamps the upload (uploaded_at) — when the file was added
- Stores in MinIO (s3_key) — object storage with versioning
- Records metadata — filename, MIME type, file size in bytes
Uploading Evidence
From a Workpaper
- Open the engagement → Workpapers tab → select a workpaper
- Navigate to the Evidence tab
- Click + Upload Evidence
- Drag and drop files or click to browse
- Wait for the virus scan to complete (status changes from PENDING to CLEAN)
- The file is now linked to the workpaper via workpaper_id
From an Engagement
- Open the engagement → Evidence tab
- Click + Upload Evidence
- Select the files
- Optionally link to a specific workpaper
Supported File Types
| Category | Formats |
|---|---|
| Documents | PDF, DOCX, DOC, XLSX, XLS, PPTX, CSV, TXT |
| Images | PNG, JPG, JPEG, GIF, BMP, TIFF |
| Archives | ZIP, 7Z, RAR |
| Other | XML, JSON, HTML |
Maximum file size: 50 MB per file
Evidence Fields
| Field | Type | Description |
|---|---|---|
| id | Integer | Unique identifier |
| filename | String | Original filename |
| s3_key | String | Storage key in MinIO |
| mime_type | String | MIME type (e.g., application/pdf) |
| size_bytes | Integer | File size in bytes |
| hash_sha256 | String | SHA-256 hash for integrity verification |
| uploaded_by_id | String | User who uploaded the file |
| uploaded_at | DateTime | Upload timestamp |
| scan_status | String | PENDING, CLEAN, INFECTED |
| scan_id | String | Virus scanner reference ID |
| workpaper_id | Integer | Linked workpaper (optional) |
| engagement_id | Integer | Parent engagement |
| follow_up_test_id | Integer | Linked follow-up test (optional) |
| remediation_evidence_id | Integer | Linked remediation evidence (optional) |
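One way to re-check a retrieved evidence file against the fields above, as an added example that is not AIIA's own code. It assumes the evidence record is available as a dict keyed by those field names and that hash_sha256 is stored hex-encoded; verify_evidence is a hypothetical helper name and the sample record is constructed.

```python
import hashlib
import io

CHUNK = 1024 * 1024  # hash in 1 MiB chunks so a 50 MB file is never held whole


def verify_evidence(record, stream):
    """Check a retrieved file against its evidence record. Returns (ok, reason).

    record: dict using the Evidence Fields names (assumed export shape).
    stream: binary file object positioned at the start of the file.
    """
    # Only CLEAN files are usable; PENDING and INFECTED are rejected unread.
    status = record.get("scan_status")
    if status != "CLEAN":
        return False, "scan_status is %r, not CLEAN" % status

    digest = hashlib.sha256()
    size = 0
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        size += len(chunk)
        digest.update(chunk)

    # A size check gives a clearer reason for truncated or padded files.
    if size != record["size_bytes"]:
        return False, "size mismatch: got %d, recorded %d" % (size, record["size_bytes"])

    # Assumption: the stored hash is hex; normalise case and whitespace.
    if digest.hexdigest() != record["hash_sha256"].strip().lower():
        return False, "hash_sha256 mismatch"
    return True, "verified"


# Constructed sample data, not a real AIIA record.
SAMPLE_BYTES = b"Q3 access review sign-off\n"
SAMPLE_RECORD = {
    "filename": "access-review.txt",
    "size_bytes": len(SAMPLE_BYTES),
    "hash_sha256": hashlib.sha256(SAMPLE_BYTES).hexdigest(),
    "scan_status": "CLEAN",
}

if __name__ == "__main__":
    print(verify_evidence(SAMPLE_RECORD, io.BytesIO(SAMPLE_BYTES)))
    print(verify_evidence(SAMPLE_RECORD, io.BytesIO(SAMPLE_BYTES[:-1] + b"X")))
```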
Evidence Immutability
Evidence files are immutable after upload. Once uploaded, a file cannot be modified, replaced, or deleted. This ensures the chain-of-custody is maintained for regulatory compliance and legal defensibility.
If the wrong file was uploaded:
- Upload the correct file
- Note the error in the workpaper narrative
- Both files remain in the evidence record
Virus Scanning
All uploaded files pass through the security scanner:
| Status | Description | Action |
|---|---|---|
| PENDING | Scan in progress | Wait — file is not yet usable |
| CLEAN | No threats detected | File is ready for use |
| INFECTED | Threat detected | File is quarantined — cannot be opened |
Files in INFECTED status are:
- Blocked from viewing or downloading
- Flagged with a warning icon
- Logged in the audit trail
Evidence Search
Search evidence across all engagements using:
- Filename — partial match search
- File type — filter by MIME type
- Date range — filter by upload date
- Uploader — filter by who uploaded
- Engagement — filter by engagement
AI Evidence Summarization
For document-type evidence (PDF, Word), the AI companion can:
- Summarize the document content
- Extract key data points
- Highlight relevant passages for the workpaper
- All summaries are suggestions requiring human review
Permissions
| Action | Auditor | Manager | CAE | Client |
|---|---|---|---|---|
| Upload evidence | ✅ | ✅ | ✅ | ✅ PBC only |
| View evidence | ✅ Own engagements | ✅ All | ✅ All | ❌ |
| Download evidence | ✅ | ✅ | ✅ | ❌ |
| Delete evidence | ❌ | ❌ | ❌ | ❌ |