Trust Center · Audit

Audit readiness: the answer is ready before the question

An audit doesn't scare the team that holds the evidence. In NOVA, every execution, approval and permission change is documented the moment it happens: turning audit preparation from weeks of chasing systems into exporting ready bundles.

Discuss compliance readiness Explore the governance center

The evidence vault

Evidence forms during operation, not before the review

One record receives everything that happens: agent decisions, human approvals, permission changes: with actor, time and a stable reference. Beside it, ready export bundles for any period or scope.

Evidence vault: audit fileLive

Evidence log

Claims agent

Assessed a claim and routed it to human review

EV-9C1211:04

Head of finance

Approved a payment batch within the ceiling

EV-9C0F10:57

Platform admin

Documented a permission change on the warehouse

EV-9BF410:31

Settlement flow

Completed the daily settlement with no exceptions

EV-9B8809:00

Ready export bundles

Quarterly review file

Records, approvals and permissions · 90 days

Ready

Payments-flow trail

Every execution and decision since launch

Ready

Illustrative NOVA interface: names and references are examples, not customer data.

The decision trail

From the question to the source in one thread

When the auditor asks “why did this action run?”, you don't open an investigation: you open the timeline: who triggered the flow, under which permission, what the agent decided, and who approved the exception. Every step links to the one before and after it.

End-to-end traceability

From trigger to final action: the full execution path with its stages and references: read as a sequence, not fragments.

Approvals in context

Every human approval appears at its place in the path: who approved, when, and what they saw when they decided.

Ordered review queues

Whatever awaits approval sits in a clear queue with its age and owner: nothing gets lost or piles up silently.

Execution trail: claims flow

Request receivedOfficial WhatsApp channel · identity verified

Done

Agent assessmentReads authorized fields only · classifies within policy

Done

Human approvalAbove threshold → department head sign-off recorded

Active

Execute & documentThe entry lands in the vault with a stable reference

Building the audit file

Four steps to a ready file

How an audit file comes together in NOVA, days before the review, not months.

Define the scopeScope

Pick the period, flows and systems the review covers: a quarter, a single flow, or one specific agent.

Review policies and their historyPolicies

The policies in force during the period: and their changes: are documented with dates, so you show the auditor what applied at the time of each decision.

Export the evidence bundleExport

Records, approvals and permission history for the defined scope export as one bundle with coherent references.

Hand over, answer from the recordHandover

Follow-up questions are answered from the same timeline: not from memory or scattered email threads.

The answers map

Auditor’s question → where the answer lives

The questions every review repeats, and where their ready answer sits in NOVA.

“Who holds access to this system?”

The permission map: every role and agent with its scope on each data source: including when access was granted and changed.

Permission map

“On what basis did the agent take this action?”

The execution trail: the decision's inputs, the policy in force at the time, and its steps: in the flow's own timeline.

Output oversight

“Who approved this exception, and when?”

The approvals record: every human sign-off with its owner, time and place in the path: retrievable by its stable reference.

Evidence vault

“Where is the data hosted, and how is it protected?”

In-Kingdom residency by default, encryption in transit and at rest: detailed on the security and PDPL pages.

Security model

An audit-ready organization doesn't prepare for the review: it operates in a way that makes the review a reading of what is already documented.

A NOVA design principle

Audit questions

What the review team asks

Audit readiness means the organization can show a reviewer, at any moment, what actually happened: which agent executed which action, on which data, under which permission, and with whose approval: with documented evidence rather than verbal accounts. In NOVA that evidence forms automatically with every execution, so your team never has to reconstruct the story before a review.

Every execution and decision: flow runs and their steps, AI-agent decisions and what they relied on, human approvals with their owner and timestamp, and changes to permissions and policies. Each entry carries the actor's identity, the time and a stable reference: so the trail reads as one reviewable, exportable timeline.

Yes. Evidence for any period or scope: a specific flow, a specific agent, or a full quarter: assembles into a single export bundle covering the records, approvals and permission history, so the auditor receives one coherent file instead of chasing systems and inboxes.

Because the evidence forms during operation, not after it: policies have documented enforcement, approvals are recorded the moment they happen, and permissions carry a full change history. Preparation shifts from reconstructing months of decisions to reviewing ready evidence bundles: with the remaining effort depending on your audit's scope and systems.

Your next audit: an export, not an investigation.

Bring your auditor's questions to a session with a solutions engineer: and we'll show you where each answer lives in NOVA, on your own scenarios.