Better audits, by design.
Understand more. Audit better.
Prufy helps auditors understand complex environments, design better audits and support every conclusion with traceability.
Built from real technology risk audit work in financial institutions.
Audit engagement
IT Supplier Management
- 2024
- Previous audit
- 0
- Open recommendations
- 0
- Stakeholders identified
- 0
- Documents reviewed
- 0
- Processes documented
- 0
- Risks
- 0
- Controls
- 0
- Planned tests
Application security, IT supplier management, Logical access, Cloud security, Technology resilience, AI governance
The reality of the work
An audit is built long before the report.
Before a single test runs, the auditor must understand the business, its systems, its history and the risks that matter.
Today, that knowledge is fragmented across documents, meetings, emails, screenshots, previous audits and internal systems.
Prufy turns that fragmented knowledge into one connected audit workspace.
Discovery
IT Supplier ManagementNew audit
Build the context from the ground up.
Recurring audit
Identify what has changed since the previous review.
The supplier management process relies on a central vendor register maintained by Procurement, with technology assessments performed before onboarding and at contract renewal…
- Previous audit available2024
- 3 process changes detectedsince last audit
- 2 recommendations remain openfollow-up
- Stakeholder interview pendingscheduled
- Suggested risk for auditor reviewawaiting decision
The Prufy Method
A technology risk audit methodology, built into the product.
Discovery, working papers, drafts, reports and remediation records are living views of the same audit knowledge.
How auditors work with Prufy.
Understand the audit
01Build the discovery from interviews, previous audits, policies and current changes.
What are we auditing, how does it work, what has changed and what matters?
Design the audit work
02Define scope, risks, expected controls, tests and evidence requirements.
Prufy proposes. The auditor decides.
Test and document
03Manage evidence requests, testing and working papers, with every result connected to its evidence.
No conclusion without traceability.
Conclude and follow through
04Develop findings, produce deliverables and track action plans until closure.
The audit does not end when the report is issued.
From evidence to finding
Detection is automated. Judgment is not.
01Audit criterion
Policy §4.2 requires quarterly privileged access reviews.
02Evidence
IAM configuration shows an annual review cadence.
03Prufy analysis
Potential control inconsistency detected
04Human decision
Auditor review required.
05Traceable output
Draft finding connected to 2 sources, 1 control and 1 risk.
The auditor remains the auditor. Prufy makes them better.
Audit work extends beyond a single engagement.
Auditors run planned audits, urgent reviews and open recommendations at the same time. Prufy keeps all of that work connected in one place.
Audit portfolio
FY 2026- IT Supplier ManagementDiscovery
- Application SecurityFieldwork
- Logical Access ReviewReporting
- Security Incident ReviewAd hoc
Security by design
Designed for the most sensitive audit work.
Technology audits contain architectures, vulnerabilities, incidents and unresolved findings. Protecting them is a design requirement from day one, not a later addition.
Data isolation
Segregated customer workspaces with no shared audit knowledge.
Access control
Role-based access aligned with how audit teams are organized.
End-to-end traceability
Complete activity trails across evidence, decisions and outputs.
Who's behind Prufy
Built at the intersection of audit, cybersecurity and enterprise AI.
Prufy was founded by Kiyoshi Omaza, a technology risk and cybersecurity professional with first-hand experience across internal IT audit, cloud security and regulated enterprise environments. His career includes Grupo Cajamar, Deloitte, EY, Accenture, NTT DATA and Fujitsu, where he most recently served as Head of Cloud Security.
In 2025, Kiyoshi left Fujitsu to found Theia Craft, the applied AI R&D studio behind Prufy. Theia Craft develops secure and governed AI capabilities for high-trust enterprise environments. Prufy applies that work to a profession Kiyoshi has practised first-hand.
Kiyoshi Omaza
Founder, Prufy & Theia Craft
Technology risk audit·Cybersecurity·Cloud security·Enterprise AI
Mathematics & Computer Science, UPM