About AIIA
AIIA (Audit with Intelligence. Insight with Action.) is a Saudi-developed, AI-enabled internal audit and continuous monitoring platform aligned with Vision 2030 digital economy objectives.
What is AIIA?
AIIA manages the full audit lifecycle in one controlled environment:
| Phase | What happens |
|---|---|
| Planning | Annual audit plan, risk-based prioritization, resource allocation |
| Setup | Engagement creation, methodology selection, phase/milestone planning |
| Fieldwork | Workpapers, test procedures, sampling, evidence collection |
| Reporting | Draft reports, review gates, board packs, PDF/Word export |
| Follow-up | Action plans, remediation evidence, closure validation |
| Monitoring | KRI dashboards, automated alerts, exception analysis, trend tracking |
Value Propositions
| # | Value | Impact |
|---|---|---|
| 1 | End-to-End Lifecycle | One platform from planning to monitoring. No fragmented tools. |
| 2 | Continuous Audit | KRIs, thresholds, automated alerts — not just periodic reviews |
| 3 | Earlier Risk Detection | Flags emerging risks before the next scheduled audit |
| 4 | AI-Assisted Execution | Evidence summarization, narrative drafting, historical retrieval |
| 5 | Governed AI | Human approval required, RBAC-filtered, fully audit-trailed |
| 6 | Local/Secure AI | On-premise LLM processing — sensitive data never leaves your network |
| 7 | Remediation Accountability | Action owners, due dates, escalation, closure validation |
| 8 | Management Visibility | Executive dashboards, portfolio analytics, board packs |
| 9 | Standardized Methodology | Reusable templates, risk/control libraries, required deliverables |
| 10 | Saudi-Developed | Arabic/English, RTL support, NCA/PDPL/CSCC compliance |
Target Personas
| Persona | Role | Primary Value |
|---|---|---|
| 🎯 CAE / Head of Audit | Strategic oversight | Annual plan approval, resource allocation, board reporting |
| 📋 Audit Manager | Engagement management | Planning, staffing, review gates, quality oversight |
| 🔍 Auditor | Fieldwork execution | Workpapers, testing, evidence, findings |
| 📊 Quality / Continuous Audit | QA & monitoring | QA reviews, KRI config, exception analysis |
| 👔 Senior Leadership | Read-only visibility | Executive dashboards, board packs, risk heatmaps |
| 🤝 Audit Client | External collaboration | PBC requests, evidence uploads, finding responses |
| ⚙️ IT Administrator | Platform admin | SSO, RBAC, integrations, deployment |
Deployment Models
AIIA supports three deployment models:
| Model | Description | Best For |
|---|---|---|
| Shared SaaS | Multi-tenant on OCI (Riyadh) | Essentials & Professional tiers |
| Private Tenant | Dedicated namespace on OCI | Enterprise tier — data isolation |
| On-Premise | Self-hosted, air-gapped capable | Sovereign tier — full control |
Technology Stack
| Layer | Technology |
|---|---|
| Backend | Python 3.11+, FastAPI, SQLModel |
| Frontend | TypeScript, Next.js 14+, Tailwind CSS |
| Database | PostgreSQL 16 + pgvector |
| Storage | MinIO (S3-compatible) |
| Identity | Keycloak (OIDC/OAuth2/SAML) |
| AI | Ollama (local), Gemini, OpenAI, Anthropic, DeepSeek |
| Cache | Redis |
| Observability | OpenTelemetry, Prometheus, Grafana |
| Deployment | Docker Compose, Helm, OCI |
Regional Alignment
- Vision 2030: Supports digital economy and local technology development
- NCA ECC: Essential Cybersecurity Controls compliance tracking
- PDPL: Personal Data Protection Law compliance management
- Bilingual: Full Arabic/English with native RTL layout support
- Cloud: OCI Riyadh (primary) + Jeddah (DR)