London 2026

Enterprise Audit & Risk

Powered
by agents,
not headcount.

Kaption builds AI agents that take on the manual work of audit and risk, so expert teams can spend their time where judgement matters: providing assurance on risk, and helping the business improve.

Request a demo

kaption / solution / multi-agent audit testing Engagement · Q2 controls

maatRTR / access reviewcontrol 03

Testing access review control, quarter close

01 Rule Check: control is testable, has a deterministic standard OK
02 Evidence Check: gold-source PDFs + system extracts present OK
03 Execution Check: recomputing reconciliation in sandbox Running
04 Conclusion Check: verifying closing action complete Queued

01 / What we are

Not a GRC tool. Not a workflow software. Not a chat interface over data.

Kaption builds AI agents that perform the actual groundwork: finding evidence, running analysis, forming judgement, and returning a verdict that traces back to the source. Built for high-stakes environments where a wrong answer has consequences.

Our first solution is MAAT, Multi-Agent Audit Technology. It handles internal control testing, end-to-end.

02 / The problem

Manual control testing is structurally impossible at scale.

01 · Capacity

Manual testing doesn't scale with the team.

Small audit team, hundreds of controls, many risk area and entities never get tested.

Fewer than 10%

of enterprises test their full control universe even once a year.

02 · Cost

Outsourcing buys coverage you can't afford.

Big 4 testing cost >100k for one domain. Full control coverage it's a fantasy.

+75%

growth in audit fees in the past five years.

03 · Insight

Findings arrive months after they could be acted on.

Gaps surfaced long after the audit, improvement not actions timely.

Annual

is still the dominant cadence for control assurance.

03 / THE HOW

Each agent reads the work, performs it, and writes it up, end to end.

Read.

Each agent ingests the relevant narratives, policies and prior workpapers, then learns the population it has to test.

Test.

It selects, gathers evidence, and evaluates against the control design, at a sample size humans rarely reach by hand.

Document.

Findings, evidence trails and executive-ready report are written as it goes. Never reconstructed after the fact.

04 / What MAAT delivers

Every conclusion cited. Every step Explained. Not a black box.

A · The Verdict

A position, not a score.

OK, Not OK, or Needs Review. No ambiguous ranges. When confidence is insufficient, agent flags rather than guess.

control 03 / access review OK ✓

B · The Reasoning

Plain language, end to end.

The full chain of logic. What Agent found, what it concluded, why. Readable by the auditor, the CFO, and the external reviewer.

Two-stage approval present. Both sign-offs precede posting date. Threshold £25k complied with. Reconciling items balance within tolerance.

C · The Citations

Back to the source.

Every conclusion cited to the exact page of a PDF, the exact cell of a workbook, the exact paragraph of a policy. Click and you're there.

evidence:
approval_log.pdf · p.4 recon_q2.xlsx · J22 policy_03.md · §4.1

D · The Trace

Every step, preserved.

Every tool call, every intermediate conclusion, every sub-agent delegation. The team can open the trace and push back on any step.

[01] read · approval_log.pdf
[02] bash · python recon.py
[03] delegate · threshold check
[04] verdict · OK

05 / How we differentiate

GRC platforms organise the work. We do it.

The question

GRC platformsAuditBoard · ServiceNow · Workiva · Fieldguide

KaptionMAAT · the audit agent

Who reads the evidence?

The team manually reads it.

The agent reads it. Full documents, evaluated against the control's criteria.

Who forms the judgement?

The team manually forms it.

The agent forms it, and cites every conclusion back to the source.

What does the AI do?

Search, summarisation, report drafting. Administrative overhead.

The verification work itself. Reads evidence, recomputes calculations, delegates narrower questions to focused sub-agents.

What's required to start?

An integration project, a roll-out plan, training.

Your Risk & Control Matrix and the evidence you already collect. Nothing new to produce.

06 / Pilot results

"Far beyond anything similar in the market."

Head of Internal Audit & Risk Control European manufacturing group
~7,000 employees · 800 controls · 10 entities

85%

Reasoning alignment of Agent’s reasoning matched experienced auditor reasoning. Not just reaching the same verdict, but arriving there the same way.

<10%

False negatives across the pilot. When confidence was insufficient, Agents flagged rather than passed. The system is adjustable toward caution.

<2min

Per control average assessment time, with full cited reasoning ready for review.

Use cases,
in practice.

01 SOX & ICFR

Financial controls, end to end.

Consolidation and close, procure-to-pay, payroll, inventory, treasury, valuation. The full range of control types: calculations, reconciliations, process and approval workflows.

02 Entity expansion

Bring satellite entities back in scope.

Subsidiaries, lower-frequency controls, domains outside the core team's expertise. Back in scope at no additional team cost. MAAT runs in parallel.

03 Continuous testing

Rolling assurance, not point in time.

Run MAAT on a rolling basis as evidence is collected, rather than annual or quarterly cycles. Failures surface in weeks, not months.

04 Pre-audit readiness

Enter the external audit with a clear picture.

Run MAAT across the full population before the external auditor arrives. Identify gaps, remediate, and know where the risks are.

05 Quality assurance

A second reviewer, every time.

Use MAAT to independently verify assessments the team has completed manually. A consistent, traceable second-pass review.

06 Built with practitioners

Shaped by the people who use it.

Designed around the questions an audit team must actually answer. Not around AI architecture conventions.