Active audit methodology for Big 4 firms.
Drive engagements through Big-4-spine FSM execution + Bayesian RMM scoring + tamper-evident workpaper bundles. Built for firm-org tenancy with ISA 600 component-auditor coordination.
Big 4
Methodology spine
FSM
Active execution
Bayesian
RMM scoring
Merkle
WP integrity
What's new for Big 4
Four major surfaces ship together as the v3.0 Audit Firm tier — built around how partner-led engagements actually run.
FSM Execution
Drive engagements through the canonical 7-state lifecycle (Planning → Risk Assessment → Fieldwork → Evaluation → Reporting → Sealed) with audit-trailed transitions. Each state emits the workpaper templates your firm expects — exportable to Caseware Cloud XML, TeamMate JSON, PDF, or generic JSON for downstream tooling.
- Big-4-spine FSM with jurisdictional overlays (PCAOB, EU CSRD, UK FRC, +4)
- Audit-trailed state transitions with actor + reason + timestamp
- Per-state workpaper template emit to Caseware / TeamMate / PDF / JSON
Interactive RMM
Bayesian risk-of-material-misstatement scoring with prior overrides. Calibrate VynFi's 12-factor model against your firm's framework (EY GAM, KPMG KAM, PwC Aura, Deloitte Omnia) and surface per-account score deltas in real time as auditor judgment overrides reshape the posterior.
- 12 factors: complexity, volume, control strength, manual JE frequency, +8 more
- Closed-form Beta posterior updates — sub-3s p95 on 100-account engagements
- Prior-override audit trail with auditor + rationale + timestamp
L4 Graph Explorer
Query the integrated audit graph across the full L4 schema: entities → components → accounts → assertions → controls → procedures → evidence → working papers → findings. Visual D3 explorer with type filters, neighbourhood views, and drill-down to the underlying records.
- 11-node, 10-edge ISA-aligned audit graph schema
- D3 force-directed layout with role-coloured nodes
- Drill-down from finding → procedure → evidence in two clicks
Merkle WP Bundles
Tamper-evident workpaper bundles with a public verify endpoint for regulator submission and peer review. SHA-256 Merkle trees with deterministic root, leaf inclusion proofs, and a manifest.json that any third party can verify without a VynFi account.
- Deterministic bundle structure (sorted file names + Stored compression)
- Public verify endpoint (rate-limited, 60 req/min)
- Hex-edit any leaf — verify immediately surfaces the drift
How firm-org tenancy works
Built around the actual organisational shape of an audit firm — not retrofitted onto a single-tenant SaaS contract.
Firm → Office → EngagementTeam → User
The tenancy model mirrors the firm hierarchy. A Firm contains Offices (legal entities, jurisdictions). Offices host EngagementTeams (the actual partner / manager / senior / associate groups working a single client). EngagementTeams contain Users with role assignments. Every artifact — engagement, FSM state, RMM score, WP bundle — is anchored to a specific EngagementTeam under a specific Office under a specific Firm, and access flows through that hierarchy.
- Firm-level admin: contract, seat allocation, billing
- Office-level admin: jurisdictional configuration, methodology overlay selection
- EngagementTeam-level admin: scope, materiality, component coordination
- User-level: 5 role types (Admin / Partner / Manager / Senior / Associate)
Cross-firm invitation flow (ISA 600)
A group auditor at one firm can invite a component auditor at any other firm — no prior tenancy required. The invitee gets a tokenized link, accepts, and receives scoped read-only access to the designated artifacts (FSM state, RMM scores, L4 sub-graph, WP bundles). Every cross-firm read is audit-logged. When the engagement closes or the invitation expires, access auto-flips to read-only and the termination event is captured.
- Email + tokenized link, no pre-existing tenant required
- Scoped permissions: which engagement, which artifacts, which time window
- Every cross-firm read audit-logged (actor + artifact + timestamp)
- Auto-expiry with read-only flip on engagement close
RBAC matrix: 5 roles × 6 resources
Permissions are evaluated against a 5-role × 6-resource matrix. Roles: Admin, Partner, Manager, Senior, Associate. Resources: Engagement, FSM state, RMM score, L4 graph, WP bundle, Cross-firm invitation. The matrix is enforced server-side at the route handler, with an integration test pinning every cell. Component auditors operate under the cross-firm invitation grant — a seventh implicit "role" with read-only permissions bounded by the invitation scope.
What you get
The Audit Firm tier is the full VynFi platform plus the v3.0 active-methodology surfaces, on a procurement-friendly contract.
Audit Firm tier — annual seat-based subscription
A new commercial tier sized for Big 4 / mid-tier methodology + transformation teams. Predictable annual fees, multi-year MSAs, enterprise discounts, and procurement-friendly contracting language.
Configurable seat counts per firm
Up to N seats per firm with role-based assignment across offices and engagement teams. Add seats mid-term with prorated billing; remove or reassign seats without losing audit-trail provenance.
All Wave 1-3 features included
The complete VynFi platform: read-only audit-methodology catalog (Wave 1), 100-entity group consolidation under IFRS 3 / 10 / 28 / 21 / 29 / 36 + ISA 600 (Wave 2), and multi-period chain composition with closing-balance carryover (Wave 3).
Plus all v3.0 active-methodology surfaces
FSM execution, interactive Bayesian RMM, L4 graph explorer, Merkle WP bundle gen + verify, and ISA 600 cross-firm component-auditor invitations.
Microsoft Entra SSO at launch
Single sign-on via Entra External ID for any firm tenant. SAML federation on the roadmap for firms with non-Microsoft IdP standards. SCIM provisioning available on request.
SOC 2 Type II compliance roadmap
Type I report scheduled for 2026 H2; Type II for 2027 H1. Until then, the platform runs against a SOC 2-aligned control set with quarterly internal review. Public security page documents the current control posture.
How it compares
Most existing tools own one slice of the audit-tech stack. VynFi Audit Firm covers methodology, risk, integrity, and synthetic data — exporting to your existing workpaper authoring tool rather than replacing it.
| Tool | Synthetic data generation | Active FSM execution | Bayesian RMM (calibration) | Merkle WP integrity | ISA 600 cross-firm | Open-API ecosystem |
|---|---|---|---|---|---|---|
Caseware Cloud | No built-in synthetic data generation | Workpaper-level workflow, not engagement FSM | Configurable RMM, not Bayesian-calibrated | No | Partial | Partial |
TeamMate | No synthetic data; relies on imported client data | Workpaper authoring; engagement workflow add-on | Risk register tooling, not Bayesian-calibrated | No | Partial | No |
MindBridge | Real-data ingestion + ML anomaly detection (no synthesis) | Analytics layer, not an engagement FSM | ML risk scoring (proprietary, not Bayesian-explainable) | No | No | Partial |
VynFi Audit FirmAudit Firm | Forward-generated 100-entity group datasets, IFRS 3/10/29/36 + ISA 600 | Active 7-state engagement FSM with audit-trailed transitions | 12-factor Bayesian model with closed-form Beta priors + override trail | Yes | Yes | Yes |
Caseware, TeamMate, and MindBridge are trademarks of their respective owners. VynFi has no affiliation with these tools. Comparison is based on publicly-available product information.
Frequently asked questions
Quick answers for partners and methodology leads evaluating the Audit Firm tier.
What's the difference between Audit Firm and Enterprise tiers?
Enterprise is built around a single corporate consumer (CFO group, internal-audit team, methodology team) buying synthetic data + group-audit datasets for their own use. Audit Firm is built around a partner-led firm — multiple offices, multiple engagement teams, dozens of partners and managers — that needs cross-firm coordination, methodology execution, RMM calibration, and tamper-evident workpaper integrity. Audit Firm includes everything in Enterprise plus active FSM execution, interactive Bayesian RMM, the L4 graph explorer, Merkle WP bundle gen + verify, ISA 600 cross-firm invitations, firm-organization tenancy (Firm / Office / EngagementTeam / User), and a 5-role × 6-resource RBAC matrix.
Does VynFi compete with Caseware or TeamMate?
No. VynFi exports to those tools rather than replacing them. Per-state workpaper templates emit to Caseware Cloud XML and TeamMate JSON natively, so your audit teams keep their existing authoring environment. VynFi's value is the methodology spine + risk + synthetic-data layer that sits beneath those tools — generating the data, scoring the risk, and producing the audit-trailed FSM transitions that your authoring layer renders. Most firms run Caseware or TeamMate alongside VynFi; we're the source-of-truth methodology layer, they're the workpaper editor.
How does cross-firm coordination work for ISA 600 component auditors?
A group auditor invites a component auditor (at any firm — they don't need to be on a VynFi tenant in advance) by email plus a scoped permission set. The invitee accepts via a tokenized link and receives read-only access to the designated artifacts: FSM state for the engagement, RMM scores for assigned accounts, the relevant L4 sub-graph, and the WP bundles they're authorised to inspect. Every cross-firm read is audit-logged with timestamp, actor, and artifact. When the engagement closes (or the invitation expires), access auto-flips to read-only, and the audit trail captures the access termination event.
Is the Merkle WP verify endpoint really public?
Yes — the verify endpoint requires no authentication and accepts any sealed bundle. Regulators (PCAOB, FRC, AOB, etc.), peer reviewers, and litigation teams can verify a bundle's integrity without a VynFi account. The endpoint is rate-limited to 60 req/min per IP to prevent abuse, but otherwise unrestricted. This is how Merkle integrity primitives are supposed to work: the verifier doesn't need to trust the issuer; they only need the bundle and the hash function. We've made the verifier trivially accessible because there's no value in gatekeeping it.
Can our RMM framework override VynFi's Bayesian scoring?
Yes — that's the core feature. VynFi's 12-factor Bayesian model produces an objective second opinion, but auditor professional judgment is the final word. Every prior in the model can be overridden interactively, with the override captured in the audit trail (actor, rationale, timestamp). The model re-scores in real time as overrides are applied, surfacing per-account deltas so partners can see exactly how their judgment reshapes the posterior. The Bayesian model is a calibration check, not a replacement — it complements EY GAM, KPMG KAM, PwC Aura, and Deloitte Omnia rather than competing with them.
When do you support SSO?
Microsoft Entra SSO ships at Audit Firm tier launch via Entra External ID and the standard OIDC flow. SAML 2.0 federation is on the roadmap for firms standardised on non-Microsoft identity providers (Okta, Ping, ADFS). SCIM 2.0 provisioning is available on request for firms wanting automated user lifecycle management against their existing IdP. Most Big 4 firms run hybrid Microsoft / Okta estates today, so we expect SAML to land within the first two quarters post-launch.