The Auditor Toolkit
11 dedicated modules purpose-built for external auditors. Secure, time-boxed access to everything you need to conduct thorough compliance audits — without chasing spreadsheets or waiting for file shares.
11 Purpose-Built Modules
Every tool an external auditor needs, integrated into a single secure workspace. No data leaves the platform.
Control Status
Read-only view of the organisation's compliance assessment status per control. See implementation progress at a glance with inline note-taking to record your observations against each control.
Documents
Read-only access to all toolkit documents, including policies, procedures, and work instructions. Browse the complete document library with version history, review dates, and approval status without altering anything.
Evidence
Browse all evidence files mapped to controls. Download any file via 24-hour signed URLs — secure, expiring links that prevent unauthorised redistribution. Filter by control, date, file type, or AI confidence score.
Audit Trail
View the immutable audit log for the entire organisation. Every change to controls, documents, evidence, and settings is recorded with timestamps, user identities, and before/after diffs. Fully tamper-proof.
RFI Requests
Create Requests for Information linked directly to specific controls. Set priority levels and due dates, then track responses from the client team. A structured, auditable communication channel that replaces scattered email trails.
Private Scratchpad & Findings
Private notes visible only to you (enforced by strict row-level security). Contextual notes linked to controls or evidence. Classify findings as Major NCR, Minor NCR, Observation, or Opportunity for Improvement. Use 'Publish Finding' to convert any note into a Non-Conformity Report in the company's CAPA register with source marked as 'external_audit' — the company is automatically notified by email.
Temporal Vault
Travel back in time. Select any past date using the date picker (with quick presets for common audit periods) and the system reconstructs the exact document state at that moment using audit log diffs. Verify what was in place when it mattered.
Smart Sampler
Statistically random sampling across multiple data sources: evidence files, documents, tasks, audit logs, NCRs, and risks. Configure sample size and date range, then let the platform pull a defensible, unbiased sample set for your review.
Traceability Visualiser
A three-column chain view mapping Risk to Control to Evidence. Instantly trace any risk through to its mitigating controls and supporting evidence. Spot gaps and broken chains at a glance.
Readiness Heatmap
A CSS grid of colour-coded cells by clause and section. Green means evidence is fresh (under 3 months), yellow flags ageing evidence (3-6 months), and red highlights stale or missing evidence (over 6 months). Identify weak spots before sampling.
Enhanced Audit Pack Export
Download a complete audit pack as a ZIP file containing all evidence files plus an XLSX mapping matrix. Includes an auto-generated index.html table of contents with hyperlinks for easy navigation, per-control _summary.txt files, and configurable export filters: include/exclude findings, include/exclude RFIs, filter by control, and add heatmap summary. Every export is logged to the auditor activity log with file count and checksum.
How It Works
Five simple steps from invitation to completion. No setup, no installation, no data migration.
Invite
The company sends an access invitation to your email address with a defined 30-day window.
Accept
Click the link, create your auditor account (or sign in), and accept the engagement terms.
Audit
Use all 11 modules to review controls, sample evidence, raise RFIs, and document findings.
Export
Download the Enhanced Audit Pack with all evidence, mappings, and summaries in one ZIP.
Access Expires
After 30 days, access is automatically revoked. Expiry warnings are sent 7 and 1 day before.
Security & Trust
Built for the confidentiality demands of external audit engagements.
30-Day Time-Boxed Access
Every auditor engagement has a defined start and end date. Access is automatically revoked when the window closes. No stale accounts, no forgotten permissions.
Row-Level Security
All auditor notes and scratchpad data are protected by Supabase RLS policies. No other user — not even organisation admins — can view your private observations.
Full Activity Logging
Every auditor action is recorded: logins, page views, downloads, RFI creation, and finding publications. Complete transparency for both parties.
Email Invitation Flow
Auditors receive a secure email invitation with a unique acceptance link. Works for both company-managed and consultant-managed client engagements.
Expiry Warning Notifications
Automated email reminders are sent 7 days and 1 day before access expires, ensuring auditors have time to complete exports and finalise findings.
Dedicated Auditor Portal
A separate login experience tailored for auditors. No confusion with the main platform. Clean interface, focused on audit workflows, accessible from any modern browser.
Recommend Narrate to your clients
See how the Enterprise Audit Toolkit transforms the audit experience. Book a demo and we'll walk you through every module.