Live demo · Same engine as the CLI · 100% in-browser

Paste a controls config. See a PCAOB walkthrough.

This demo runs the deterministic walkthrough engine that ships in @prova/sox-audit-cli. Nothing you paste here leaves this browser tab. No network call, no backend, no logging. The in-browser engine and the CLI produce byte-identical output — so your Controller can audit the deterministic path before their auditor arrives.

6 PCAOB templates · runs in your browser · zero network

Acme Portfolio Co., Inc.

Audit DEMO-Q1-2026 · 2026-01-01 through 2026-03-31

Prepared by J. Okafor, Internal Audit Director · reviewed by M. Chen, Controller

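| Control | Cat | Risk | Sample | Exc | Conclusion |
|---|---|---|---|---|---|
| ITGC-03 | ITGC | high | 12/12 | 1 | INEFFECTIVE |
| ITGC-01 | ITGC | high | 25/25 | 1 | EFFECTIVE (observations) |
| BP-01 | BP | high | 25/25 | 0 | EFFECTIVE |
| BP-02 | BP | medium | 15/15 | 0 | EFFECTIVE |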

ITGC-03 Privileged Access Periodic Review

PCAOB AS 2201.44; SOC 1 CC6.2 / CC6.3

INEFFECTIVE

Deviation 8.3% exceeds 5% tolerable for high-risk. Escalate to audit firm.

REV-AWS-PROD-Q1 · high · reviewer cleared 47 accounts in 2m11s — rubber stamp

ITGC-01 User Access Provisioning

PCAOB AS 2201.39 + .44; SOC 1 CC6.1 (Logical Access Controls)

EFFECTIVE (observations)

1/25 failed (4.0%). Within 5% tolerable. Root-cause + remediate before audit review.

REQ-00301 · high · approver = requestor (SoD violation)

BP-01 Revenue Recognition — Period-End Cutoff

PCAOB AS 2201.40; ASC 606; SOX 404

EFFECTIVE

All 25 items passed. 0% deviation within 5% tolerable (AU-C 530.A12).

BP-02 Manual Journal Entry Review & Approval

PCAOB AS 2201.44; PCAOB AS 2110.65 (management override fraud risk)

EFFECTIVE

All 15 items passed. 0% deviation within 8% tolerable (AU-C 530.A12).

Controls: 4 (2 ITGC · 2 BP)

Exceptions: 2 (each requires workpaper documentation)

Coverage gaps: 0 (all controls meet AU-C 530 floor)

Overall: DEFICIENCIES (remediate before §404(b) review)

Running this in production

Install the CLI in 30 seconds.

    # Ephemeral run against the bundled demo config
    npx -y https://prova.grindworks.ai/prova-sox-audit-0.1.0.tgz --demo

    # Or against your own config
    npx -y https://prova.grindworks.ai/prova-sox-audit-0.1.0.tgz ./q1-controls.json --format=json > workpaper.json

    # Global install
    npm install -g https://prova.grindworks.ai/prova-sox-audit-0.1.0.tgz

Every run appends a hash-only event to ~/.prova/audit.jsonl — never plaintext, only SHA-256 digests of the input config and output workpaper. External auditors can verify testing was run without ever seeing your entity data.
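An auditor-side check for the hash-only log described above, as an added example that is not part of the Prova CLI or this page: it recomputes the SHA-256 digests of a config and a workpaper and looks for a logged event carrying both. The event field names (ts, input_sha256, output_sha256) and all sample data are assumptions, since the page does not show the log schema.

```javascript
// Added example. ASSUMPTION: the fields ts / input_sha256 / output_sha256 are
// hypothetical; the page does not document the schema of ~/.prova/audit.jsonl.
const { createHash } = require("node:crypto");

const sha256 = (bytes) => createHash("sha256").update(bytes).digest("hex");

// Parse JSONL, skipping blank lines and recording malformed ones by line
// number instead of aborting (a truncated last line is common after a crash).
function parseLog(text) {
  const events = [];
  const bad = [];
  text.split(/\r?\n/).forEach((line, i) => {
    if (!line.trim()) return;
    try { events.push(JSON.parse(line)); } catch { bad.push(i + 1); }
  });
  return { events, bad };
}

// Compare the files in hand against the logged digests.
// matches:   events whose input AND output digests equal the files' digests.
// inputOnly: same config was run, but the logged output digest differs, so
//            the workpaper in hand is not the one that run produced.
function findRun(logText, configBytes, workpaperBytes) {
  const inHash = sha256(configBytes);
  const outHash = sha256(workpaperBytes);
  const { events, bad } = parseLog(logText);
  const sameInput = events.filter((e) => e.input_sha256 === inHash);
  const matches = sameInput.filter((e) => e.output_sha256 === outHash);
  const inputOnly = sameInput.filter((e) => e.output_sha256 !== outHash);
  return { verified: matches.length > 0, matches, inputOnly, bad };
}

// Constructed sample data (not real Prova output).
const config = Buffer.from('{"controls":[{"id":"ITGC-03"}]}');
const workpaper = Buffer.from('{"ITGC-03":"INEFFECTIVE"}');
const edited = Buffer.from('{"ITGC-03":"EFFECTIVE"}'); // altered after the run
const log = [
  JSON.stringify({ ts: "2026-04-02T09:00:00Z",
    input_sha256: sha256(config), output_sha256: sha256(workpaper) }),
  "",
  "{truncated",
].join("\n");

console.log(findRun(log, config, workpaper).verified); // original workpaper
console.log(findRun(log, config, edited).inputOnly.length); // edited workpaper
```

A match shows that these exact bytes were logged. This check does not establish that the log file itself is unmodified.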

Full install + config schema docs

Ready for agentic evidence collection + continuous testing?

The open-source CLI is the starting point. The paid product adds agentic evidence collection across NetSuite / Workday / Okta / GitHub / Stripe, continuous control testing (not quarterly), a signed artifact chain, and one-click external audit firm export for §404(b) integrated audits. Built for PE portcos and sub-$500M public microcaps whose 2–5 person internal audit teams can’t hand-roll quarterly evidence at audit-firm quality.
