Assurance Platform

About this platform

What it accomplishes, how its controls were recommended, and the value it delivers — to a CFO, a CTO, and an internal auditor at a public financial-services company.

What it's intended to accomplish

A NetSuite implementation is most fragile in the weeks around and after go-live — integrations drift, the first month-end close strains, access creeps past least-privilege, and executives lose visibility exactly when they need it most. This platform is an internal control tower that takes an in-flight NetSuite implementation safely into production and then runs it.

Monitor what moves · govern what changes · prove what happened · explain what matters.

It is an operational/governance overlay around NetSuite and the surrounding systems — deliberately not an ERP replacement and never a general-ledger posting engine. The non-negotiables: an immutable, in-transaction audit trail; least-privilege RBAC, default-deny (an Internal Auditor is read-all / mutate-none); human-in-the-loop AI that may draft but never finalize; and source-backed KPIs that each drill down to the events that produced them.

The four modules
Integration Monitor
Is data flowing correctly?

Real-time health of every NetSuite connector and job run — failures classified by error taxonomy, reconciliation breaks, a connector dependency map, and a governed, idempotent retry/replay (no double-applies, every action audited).
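Worked example, added here and not the platform's own code, of the two properties the Integration Monitor and the role model above depend on: a replay that can be triggered any number of times yet lands downstream at most once, under a default-deny permission matrix in which the Internal Auditor can read everything and mutate nothing. It assumes (none of this is on the page) that a run is identified by connector and run id, that the replay is applied by a caller-supplied function, and that the role and action names are placeholders; the downstream system and the audit list are constructed for the demo.

```python
"""Governed, idempotent replay of a failed connector run, under default-deny RBAC.

Added illustration, not the platform's own code. Assumed (not on the page): a run
is keyed by (connector, run_id); the replay is applied by a caller-supplied
function; the role and action names are placeholders.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Default-deny permission matrix: a role may do only what is listed for it.
# The Internal Auditor is read-all / mutate-none, so it never receives "replay".
PERMISSIONS = {
    "integration_admin": frozenset({"read", "replay"}),
    "internal_auditor": frozenset({"read"}),
}


def allowed(role: str, action: str) -> bool:
    """Unknown roles and unlisted actions are refused."""
    return action in PERMISSIONS.get(role, frozenset())


@dataclass
class ReplayLedger:
    """Idempotency ledger plus an append-only audit list (in memory for the demo)."""
    applied: dict = field(default_factory=dict)  # idempotency key -> apply result
    audit: list = field(default_factory=list)

    def record(self, actor, role, key, outcome, detail=""):
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(), "actor": actor,
            "role": role, "action": "replay", "key": key,
            "outcome": outcome, "detail": detail,
        })


def replay(ledger, actor, role, connector, run_id, apply_fn):
    """Replay one run at most once. Returns (outcome, result).

    outcome is one of denied, duplicate, failed, applied. Only a successful
    apply is written to the ledger, so a failed attempt stays retryable and
    is never mistaken for a completed one. Every path writes an audit entry.
    """
    key = f"{connector}:{run_id}"
    if not allowed(role, "replay"):
        ledger.record(actor, role, key, "denied", "role lacks replay")
        return "denied", None
    if key in ledger.applied:
        ledger.record(actor, role, key, "duplicate", "already applied, not re-sent")
        return "duplicate", ledger.applied[key]
    try:
        result = apply_fn(connector, run_id)
    except Exception as exc:  # the error taxonomy would classify exc here
        ledger.record(actor, role, key, "failed", type(exc).__name__)
        return "failed", None
    ledger.applied[key] = result
    ledger.record(actor, role, key, "applied", str(result))
    return "applied", result


class FakeDownstream:
    """Constructed stand-in for the target system; counts what actually lands."""

    def __init__(self):
        self.posted = []
        self.fail_once = True

    def apply(self, connector, run_id):
        if self.fail_once:  # first attempt hits a transient error
            self.fail_once = False
            raise TimeoutError("gateway timeout")
        self.posted.append((connector, run_id))
        return len(self.posted)


def demo():
    """Returns (outcomes, rows actually posted downstream, audit trail)."""
    ledger, ds = ReplayLedger(), FakeDownstream()
    attempts = [
        ("alice", "integration_admin"),  # transient failure, stays retryable
        ("alice", "integration_admin"),  # applied exactly once
        ("alice", "integration_admin"),  # duplicate: ledger short-circuits it
        ("bob", "internal_auditor"),     # read-all / mutate-none: denied
        ("eve", "contractor"),           # unknown role: default deny
    ]
    outcomes = [replay(ledger, a, r, "bank_feed", "run-42", ds.apply)[0]
                for a, r in attempts]
    return outcomes, len(ds.posted), ledger.audit


if __name__ == "__main__":
    outcomes, posted, audit = demo()
    print(outcomes, "posted:", posted)
    for event in audit:
        print(event)
```

The detail worth checking in a real implementation is the order of operations: the idempotency key is written only after the downstream apply succeeds, and the duplicate check and the write must sit under the same lock or transaction as the apply, otherwise two concurrent replays of the same run can both pass the check and both post.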

Finance Controls Hub
Are the controls operating?

The exception queue (severity/SLA/owner), the approval engine (role-gated, dual-approval aware), the SoD rule engine + violations, emergency/break-glass access (time-boxed, fully audited), control-testing results, change records, and a privileged-access register.

Executive Cockpit
Can we exit hypercare — is the investment paying off?

A versioned, explainable readiness score with a "why it moved" driver breakdown, the board KPI set, the Close Command Center, business-process health, value-realization tracking, stabilization/hypercare exit gates, the exception burn-down, and user adoption.

AI Analyst
What changed and what matters — explained?

A provider-abstracted LLM service that drafts a source-grounded weekly memo from aggregate-only, RBAC-safe context — hallucination-checked by a grounding eval, persisted with citations, and non-destructive until a human approves it.
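Worked example, added here and not the platform's own grounding eval, of what "hallucination-checked by a grounding eval" can mean in practice: every sentence of the draft that states a figure must cite the aggregate it came from, the cited key must exist in the context the drafter was given, and the figure must match that aggregate. It assumes (not on the page) that the draft is plain text, that citations take the form [src:KEY], and that the context is the aggregate-only KPI dict; the context and the draft below are constructed for the demo.

```python
"""Grounding eval for an LLM-drafted weekly memo.

Added example, not the platform's own eval. Assumed (not on the page): the draft
is plain text; a sentence that states a figure must cite the aggregate it came
from as [src:KEY]; the context is the aggregate-only KPI dict the drafter saw.
"""
import re
from dataclasses import dataclass

CITE = re.compile(r"\[src:([a-z0-9_]+)\]")
# A standalone number; the lookbehind keeps labels such as P1/P2 from matching.
NUMBER = re.compile(r"(?<![\w.])\d+(?:\.\d+)?")
SENTENCE_END = re.compile(r"(?<=[.!?])\s+")


@dataclass
class Finding:
    sentence: str
    reason: str


def check_grounding(memo: str, context: dict) -> list:
    """Return one Finding per unsupported claim; an empty list means grounded."""
    findings = []
    for sentence in filter(None, (s.strip() for s in SENTENCE_END.split(memo.strip()))):
        cites = CITE.findall(sentence)
        numbers = [float(n) for n in NUMBER.findall(CITE.sub("", sentence))]
        if not numbers and not cites:
            continue  # narrative sentence with nothing checkable
        if numbers and not cites:
            findings.append(Finding(sentence, "figure stated without a citation"))
            continue
        for key in cites:
            if key not in context:
                findings.append(Finding(sentence, f"cites unknown source {key!r}"))
        supported = {float(context[k]) for k in cites if k in context}
        for n in numbers:
            if n not in supported:
                findings.append(Finding(sentence, f"figure {n:g} not backed by its citations"))
    return findings


def evaluate_draft(memo: str, context: dict) -> dict:
    """Gate the draft: it is persisted for human review only when grounded,
    and it is never auto-approved either way."""
    findings = check_grounding(memo, context)
    return {
        "status": "ready_for_human_review" if not findings else "needs_rework",
        "findings": [(f.sentence, f.reason) for f in findings],
    }


# Constructed aggregate-only context and a constructed draft with two bad claims.
CONTEXT = {"close_days": 7, "recon_pass_pct": 94, "p1_open": 3}
DRAFT = (
    "Month-end close completed in 7 days [src:close_days]. "
    "Reconciliation pass rate reached 94% [src:recon_pass_pct]. "
    "Open P1 incidents fell to 2 [src:p1_open]. "
    "Integration failures dropped 40% week over week. "
    "The program remains on track for hypercare exit."
)

if __name__ == "__main__":
    for sentence, reason in evaluate_draft(DRAFT, CONTEXT)["findings"]:
        print(f"{reason}: {sentence}")
```

The eval is deliberately narrow: it checks that each quoted figure traces to an aggregate the drafter was actually given and sends anything else back for rework; it does not judge wording. A draft that passes is still only a pending version waiting for a human to approve it.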

How the controls were recommended

The control set is not invented — it is a transparent, source-graded synthesis from two streams of research, triangulated: vendor-primary controls (Oracle/NetSuite's own documentation — System Notes immutability, the Administrator/Full-Access role model, SuiteFlow/SDF change mechanisms, the mandatory twice-yearly Release 1/Release 2 cadence) and accounting-firm partner doctrine (Deloitte, PwC, KPMG, Protiviti, BDO, EY, Grant Thornton — re-examined with ≥3 independent citations per theme and a confidence grade per claim).

Every catalogued control carries its provenance, surfaced in-app on the Controls Library:

oracle_primary: Grounded in Oracle/NetSuite's own primary documentation.
auditor_authoritative: Grounded in named accounting-firm / audit-authority guidance.
synthesized: A reasoned default where no primary enumeration exists; must be validated by Internal Audit before it drives an attestation.

The honesty posture
  • No authoritative, complete, public NetSuite control enumeration exists — Oracle itself says its guidance offers only examples. So the catalog is a flagged synthesis, not a transcription, and says so in the product.
  • Refuted claims are excluded (e.g. a widely-repeated "636 permissions / 4,923 tasks" figure was investigated and killed — it is not cited).
  • Synthesized controls require Internal Audit calibration before they drive attestations.

Full research, the board KPI set, and the control catalog with source flags: PRD_AUDIT.md §13.

Its value
CFO / Audit Committee
  • A single "can we exit hypercare?" signal that is performance-gated (close-time, reconciliation pass, critical-interface success, P1/P2 backlog) — not a comfortable calendar date.
  • Value realization tracked against the business case — the #1 board question: is the investment paying off?
  • Honest numbers: the board shows amber and red where real programs lag, rather than a flattering all-green. Surfacing real gaps is the value.
Internal Auditor
  • An immutable, append-only audit trail of every state change and approval, enforced at the database layer — reproducible evidence, not best-effort logging.
  • Least-privilege & SoD visibility: a privileged-access census (flagged-excessive, review completion) plus a detective-first SoD engine — the root-cause signals behind findings.
  • Control-testing pass rate and deficiencies surfaced with the disclosure lens (significant deficiency / material weakness); change & release control so uncontrolled change is visible.
  • Every control entry shows its source strength — so the auditor knows what to trust and what to validate.
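Worked example, added here and not the platform's schema, of an audit trail that is append-only "at the database layer" rather than by application convention: triggers reject any UPDATE or DELETE on the audit table whatever role the application connects as, the audit row is written in the same transaction as the business change so the two commit or roll back together, and a hash chain over the rows exposes edits made by someone privileged enough to drop the triggers. It assumes (not on the page) SQLite from the standard library so it runs offline; the table and column names are placeholders, and the role grants are constructed for the demo.

```python
"""Append-only audit trail enforced by the database, with a hash chain on top.

Added example, not the platform's schema. Assumed (not on the page): SQLite via
the standard library so it runs offline; the trigger pattern carries over to
PostgreSQL. Table and column names are placeholders.
"""
import hashlib
import json
import sqlite3

SCHEMA = """
CREATE TABLE role_grant (user_name TEXT NOT NULL, role TEXT NOT NULL,
                         UNIQUE (user_name, role));
CREATE TABLE audit_event (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    ts        TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
    actor     TEXT NOT NULL, action TEXT NOT NULL, entity TEXT NOT NULL,
    payload   TEXT NOT NULL, prev_hash TEXT NOT NULL, hash TEXT NOT NULL);
-- Rewriting history fails no matter which application role connects.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_event
BEGIN SELECT RAISE(ABORT, 'audit_event is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_event
BEGIN SELECT RAISE(ABORT, 'audit_event is append-only'); END;
"""
GENESIS = "0" * 64


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def _digest(prev_hash, actor, action, entity, payload_json):
    fields = [prev_hash, actor, action, entity, payload_json]
    return hashlib.sha256("|".join(fields).encode()).hexdigest()


def append_event(conn, actor, action, entity, payload):
    """Chain a new event onto the last one. Call inside the caller's transaction
    so the audit row commits, or rolls back, together with the business change."""
    row = conn.execute("SELECT hash FROM audit_event ORDER BY id DESC LIMIT 1").fetchone()
    prev = row[0] if row else GENESIS
    payload_json = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    h = _digest(prev, actor, action, entity, payload_json)
    conn.execute("INSERT INTO audit_event (actor, action, entity, payload, prev_hash, hash) "
                 "VALUES (?, ?, ?, ?, ?, ?)", (actor, action, entity, payload_json, prev, h))
    return h


def grant_role(conn, actor, user_name, role):
    """One transaction: the audit row and the grant land together or not at all."""
    with conn:
        append_event(conn, actor, "grant_role", f"user:{user_name}", {"role": role})
        conn.execute("INSERT INTO role_grant (user_name, role) VALUES (?, ?)",
                     (user_name, role))


def verify_chain(conn):
    """Recompute every hash; an edited, deleted or reordered row breaks the chain."""
    prev = GENESIS
    for actor, action, entity, payload_json, prev_hash, h in conn.execute(
            "SELECT actor, action, entity, payload, prev_hash, hash FROM audit_event ORDER BY id"):
        if prev_hash != prev or _digest(prev, actor, action, entity, payload_json) != h:
            return False
        prev = h
    return True


def attempt_rewrite(conn):
    """Edit and delete history as the application would; returns (update_blocked, delete_blocked)."""
    blocked = []
    for sql in ("UPDATE audit_event SET payload = '{}' WHERE id = 1",
                "DELETE FROM audit_event WHERE id = 1"):
        try:
            with conn:
                conn.execute(sql)
            blocked.append(False)
        except sqlite3.DatabaseError:  # RAISE(ABORT) from the trigger
            blocked.append(True)
    return tuple(blocked)


def privileged_tamper_detected(conn):
    """A DBA can drop the trigger; the hash chain still exposes the edit."""
    with conn:
        conn.execute("DROP TRIGGER audit_no_update")
        conn.execute("UPDATE audit_event SET payload = ? WHERE id = 1",
                     ('{"role":"administrator"}',))
    return not verify_chain(conn)


def demo():
    conn = open_db()
    grant_role(conn, "alice", "bob", "ap_clerk")
    try:
        grant_role(conn, "alice", "bob", "ap_clerk")  # duplicate grant fails ...
    except sqlite3.IntegrityError:
        pass                                          # ... and takes its audit row with it
    grant_role(conn, "alice", "carol", "ar_clerk")
    events = conn.execute("SELECT COUNT(*) FROM audit_event").fetchone()[0]
    return events, verify_chain(conn), attempt_rewrite(conn), privileged_tamper_detected(conn)


if __name__ == "__main__":
    print(demo())  # expected: (2, True, (True, True), True)
```

Two caveats a practitioner will want. The triggers stop the application's own connection from editing history; a database administrator can still drop them, which is why the chain is there and why the latest hash should be held by someone other than the DBA (or anchored externally) for the chain to be evidence rather than decoration. And the read-last-hash-then-insert step must be serialized, with a single writer or a lock on the chain head, or concurrent writers fork the chain and verification fails for an innocent reason.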
CTO / Program
  • Integration health with classified failures and a governed, idempotent retry — every action audited.
  • A change-control conformance rate and emergency/break-glass access that is time-boxed and fully audited.
  • AI that accelerates without inventing: a source-grounded memo, hallucination-checked, non-destructive until a human approves it.

The throughline. Most go-live dashboards are vanity surfaces. This one is source-backed end to end — every board KPI is computed from real registers and events with drill-down lineage, every control declares its provenance, every mutation is audited, and the AI cites its sources and waits for a human.

Demo note. This is a no-sensitive-data demo on the dev environment. It runs login-free behind a persona switcher (an approved exception to enterprise SSO for sample data; RBAC, SoD, and the audit trail remain enforced server-side per persona), and the AI Analyst runs in its deterministic, grounded mode by default (real Claude is one config flip away via the provider seam).