Product Documentation

Last updated: June 2026

Audit-IQ helps organisations interpret regulatory documents and convert them into structured, reviewable compliance outputs.

1. How the Platform Works

Step 1 — Upload Documents

Upload:

  • Regulatory frameworks
  • Internal policies
  • Client compliance documents

Supported formats:

  • PDF
  • Word (DOCX)
  • Web pages (public URLs)

Google Drive import

You can also import documents directly from Google Drive from the Analyze page:

  • Connect your Google account via OAuth — Audit-IQ requests read-only access (drive.readonly)
  • Browse folders and search your Drive; import PDFs, DOCX files, and Google Docs
  • Google Docs are exported as PDF before text extraction
  • Each Drive import uses one document analysis quota unit, the same as a local upload
  • To revoke access, visit Google Account → Security → Third-party apps with account access and remove Audit-IQ
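A way to confirm the read-only claim before approving the Google consent screen, added here as an example and not taken from Audit-IQ's own code: it parses the `scope` parameter of an OAuth authorization URL and reports anything beyond `drive.readonly`. The two sample URLs and the `client_id` value are constructed placeholders; the scope strings are Google's published Drive and sign-in scopes.

```python
from urllib.parse import urlsplit, parse_qs

AUTH = "https://www.googleapis.com/auth/"
READONLY = AUTH + "drive.readonly"
# Drive scopes that permit writes, so they exceed the documented read-only grant.
WRITE_CAPABLE_DRIVE = {AUTH + s for s in
                       ("drive", "drive.file", "drive.appdata", "drive.metadata")}
# Sign-in scopes that reveal identity but grant no Drive access.
IDENTITY = {"openid", "email", "profile",
            AUTH + "userinfo.email", AUTH + "userinfo.profile"}

def audit_consent_url(url):
    """Classify the scopes requested in an OAuth 2.0 authorization URL."""
    query = parse_qs(urlsplit(url).query)        # '+' and %20 both decode to spaces
    scopes = set(" ".join(query.get("scope", [])).split())
    return {
        "readonly_requested": READONLY in scopes,
        "write_capable": sorted(scopes & WRITE_CAPABLE_DRIVE),
        "identity": sorted(scopes & IDENTITY),
        "unexpected": sorted(scopes - WRITE_CAPABLE_DRIVE - IDENTITY - {READONLY}),
    }

def matches_documentation(report):
    """True only if Drive access is limited to drive.readonly."""
    return (report["readonly_requested"]
            and not report["write_capable"]
            and not report["unexpected"])

# Constructed sample consent URLs (client_id is a placeholder).
BASE = "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE&response_type=code&scope="
CONSTRUCTED_OK = BASE + "https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.readonly+email"
CONSTRUCTED_WIDE = BASE + "https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive+email"

if __name__ == "__main__":
    for label, url in (("ok", CONSTRUCTED_OK), ("wide", CONSTRUCTED_WIDE)):
        report = audit_consent_url(url)
        print(label, matches_documentation(report), report)
```
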

Step 2 — AI-Assisted Extraction

Audit-IQ uses regulation-aware LLM prompts to:

  • Extract obligations and responsibilities from uploaded documents
  • Output structured, checklist-ready obligation lists
  • Run a keyword-and-reference coverage check against the regulation master list
  • Flag potential gaps for consultant review

Outputs are AI-generated and require human review before use in formal reporting.

Step 3 — Review & Export

You can:

  • Review extracted insights
  • Map evidence to obligations
  • Export data to PDF / Excel
  • Share summaries with teams or clients

2. Supported Frameworks

Frameworks with active AI extraction prompts and full regulation master lists:

  • APA 2024 (Australian Privacy Act — all 13 Australian Privacy Principles)
  • EU AI Act Title IV (Transparency obligations for certain AI systems)

Frameworks with checklist support (no AI extraction prompt — manual tracking only):

  • SOC 2 — Baseline (CC6 + CC7): logical access and system monitoring
  • ISO 27001 — 23 key controls across 9 domains
  • Essential Eight — 8 ACSC mitigation strategies (Beta)
  • ISO 31000 — 8 risk management controls (Beta)
  • AI Ethics — 8 AI governance controls (Beta)

3. Controls and Control Tests

Controls represent the practical measures an organisation maps to its obligations — the policies, procedures, and technical safeguards that address each regulatory requirement.

  • Each obligation can be linked to one or more controls that address it
  • Control tests are used to verify whether a control is operating effectively
  • Test runs generate evidence-backed status signals — covered, not covered, or insufficient data
  • Coverage is computed deterministically from test run outcomes, not self-reported status

Platform coverage status is an operational signal to support your team's review. It does not constitute an audit opinion or substitute for independent professional assessment.

4. Audit Period Lifecycle

Audit periods help scope compliance work into defined review windows — aligning with internal review cycles, client engagements, or regulatory reporting periods.

Lifecycle states:

  • Draft — period created, work not yet started
  • Active — fieldwork in progress; obligations, controls, and evidence being reviewed
  • Fieldwork complete — data collection done; period ready for sign-off review
  • Closed — period finalised; readiness snapshot captured
  • Archived — period retained for historical reference

Closing a period captures a point-in-time readiness snapshot — obligations, controls, evidence, and coverage at the time of close. Audit-IQ supports the lifecycle structure; it does not certify compliance or replace an independent audit.

5. Consultant Workspace

The Consultant Workspace (Consultant plan) allows compliance consultants and advisory firms to manage multiple client engagements from a single account.

  • Portfolio views surface compliance readiness and attention areas across all clients at a glance
  • Client-safe exports produce presentation-ready deliverables, separate from internal evidence trails
  • Internal evidence and audit documentation remain controlled within the platform
  • Attention queue surfaces severity-ranked gaps across engagements — missing evidence, overdue controls, and open findings

6. Roadmap Frameworks

  • GDPR
  • NIS2
  • ISO 42001

7. Evidence Linking

When you select an evidence item, the platform scores it against your project's obligations and controls using keyword overlap and a built-in list of compliance-relevant terms. Results are ranked by score and displayed with a confidence level and the specific terms that drove the match.

How it works:

  • Suggestions are keyword-based — not LLM-generated
  • Confidence levels (high / medium / low) reflect keyword overlap strength, not a guarantee of relevance
  • Each suggestion shows the matched terms so you can judge fit before linking
  • Nothing is linked until you explicitly click Link — no auto-attachment
  • Control matches are shown for reference; links to controls are managed from the Controls tab
  • Adding a description to your evidence improves match quality
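A sketch of keyword-overlap scoring of the kind described above, added as an example and not Audit-IQ's implementation: the term list, the double weight for compliance terms, the confidence thresholds, and the sample obligations and evidence text are all assumptions constructed for illustration.

```python
import re

# Assumed stand-in for the built-in list of compliance-relevant terms.
COMPLIANCE_TERMS = {"access", "encryption", "retention", "consent", "breach",
                    "logging", "monitoring", "backup", "incident", "privacy"}
STOPWORDS = {"the", "a", "an", "and", "or", "of", "to", "for", "in", "is", "on", "with"}

def tokens(text):
    """Lower-cased word set with stopwords removed."""
    return set(re.findall(r"[a-z0-9]+", text.lower())) - STOPWORDS

def score(evidence_text, obligation_text):
    """Return (score, matched terms); compliance terms count double (assumed weight)."""
    matched = tokens(evidence_text) & tokens(obligation_text)
    return sum(2 if t in COMPLIANCE_TERMS else 1 for t in matched), sorted(matched)

def confidence(points):
    """Map overlap strength to a level; thresholds are assumptions."""
    return "high" if points >= 5 else "medium" if points >= 3 else "low"

def suggest(evidence_text, obligations):
    """Rank obligations by score. Returns suggestions only; nothing is linked."""
    rows = []
    for oid, text in obligations.items():
        points, matched = score(evidence_text, text)
        if points:  # zero-overlap obligations are not suggested
            rows.append({"obligation": oid, "score": points,
                         "confidence": confidence(points), "matched": matched})
    return sorted(rows, key=lambda r: (-r["score"], r["obligation"]))

# Constructed sample data.
OBLIGATIONS = {
    "OBL-1": "Restrict logical access to production systems and review access quarterly",
    "OBL-2": "Notify affected individuals of an eligible data breach",
    "OBL-3": "Retain system access logs for twelve months",
}
EVIDENCE = "Quarterly access review export for production systems"
DESCRIPTION = "Access logs kept twelve months"  # constructed evidence description

if __name__ == "__main__":
    for row in suggest(EVIDENCE, OBLIGATIONS):
        print(row)
```

In the sample, OBL-3 is suggested at low confidence on the single shared word "access", which is the kind of match the displayed terms let a reviewer reject before linking.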

8. Known Limitations

  • All AI outputs require human review — do not use as sole basis for compliance decisions
  • Gap detection uses keyword and reference matching, not semantic understanding
  • PDF formatting (scanned documents, complex layouts) may reduce extraction quality
  • Only APA 2024 and EU AI Act Title IV have active extraction prompts today
  • Evidence linking uses keyword-based matching to surface suggestions — all links require a deliberate reviewer action; nothing is recorded automatically

9. Support

For documentation or product help:
📧 hello@audit-iq.com