SentriAI Feature

Let Auditors Serve Themselves

The audit back-and-forth - requests, screenshots, follow-ups - is where weeks vanish. The auditor portal gives your assessor scoped, read-only, time-boxed access to the evidence they need.

Talk to usFree to start - no card required.
SentriAI · Auditor Portal
ACCESS
read-only
scoped
TOKENS
time-boxed
/auditor-tokens
LEDGER
verifiable
by the auditor
Controls and their statusvisible
Evidence items per controlvisible
Ledger verificationauditor can run
Write accessnone
Token expiredaccess revoked

Illustrative product view

The audit back-and-forth problem

A traditional audit is a queue of evidence requests answered by screenshots and exports over email, each spawning follow-ups. It is slow for you and frustrating for the auditor, who cannot see the underlying system. The auditor portal (/auditor-portal, /auditor-tokens) replaces that with scoped, read-only access so the assessor can look directly at controls, evidence, and the verifiable ledger.

What the auditor can see

SurfaceWhat the auditor getsAccess
ControlsControl set and current statusRead-only
EvidenceEvidence items linked to controlsRead-only
Trust ledgerThe ability to verify the chainVerify
PoliciesCurrent, owned policiesRead-only
Write actionsNoneDenied
Auditor portal access

Auditors can verify, not just view

Because the trust ledger is hash-chained and verifiable, an auditor can do more than read the evidence - they can confirm it was not altered. Running the chain verification independently turns your evidence from “trust us” into “check for yourself,” which is exactly the assurance an assessor is looking for.

How it connects

  • Exposes the control library and its status
  • Surfaces evidence produced by evidence automation
  • Lets auditors verify the tamper-evident trust ledger
  • Complements the public trust center for customer-facing assurance

Frequently asked questions

What is an auditor portal?

An auditor portal is a scoped, read-only workspace that gives your assessor direct access to controls, evidence, and a verifiable audit ledger, instead of exchanging screenshots over email. Fintra grants access through time-boxed tokens, so auditors see what they need for the engagement and access lapses automatically.

Can auditors change anything in the portal?

No. Access is strictly read-only, with verification of the ledger being the only active capability. Auditors can view controls, evidence, and policies and confirm the integrity of the ledger, but they cannot modify anything, so your record stays authoritative.

How is auditor access controlled?

Through time-boxed auditor tokens. Access is scoped to what the engagement requires and expires when the token does, so you are not leaving a standing account open after the audit ends. Expired tokens revoke access automatically.

Can an auditor independently verify the evidence?

Yes. Because the trust ledger is hash-chained and verifiable, an auditor can recompute the chain to confirm the evidence was not altered after the fact. That moves your assurance from asserting the evidence is intact to letting the auditor prove it.

Stay in the loop

One practical finance briefing a week - new guides, checklists, and benchmarks.

 

Cut the audit email thread

Give auditors scoped, read-only, verifiable access to your evidence.

Talk to us