Prufy

Better audits, by design.

Understand more. Audit better.

Prufy helps auditors understand complex environments, design better audits and support every conclusion with traceability.

Built from real technology risk audit work in financial institutions.

Audit engagement

IT Supplier Management

Discovery
2024
Previous audit
0
Open recommendations
0
Stakeholders identified
0
Documents reviewed
0
Processes documented
0
Risks
0
Controls
0
Planned tests

Application security, IT supplier management, Logical access, Cloud security, Technology resilience, AI governance

The reality of the work

An audit is built long before the report.

Before a single test runs, the auditor must understand the business, its systems, its history and the risks that matter.

Today, that knowledge is fragmented across documents, meetings, emails, screenshots, previous audits and internal systems.

Prufy turns that fragmented knowledge into one connected audit workspace.

Discovery

IT Supplier Management

New audit

Build the context from the ground up.

Recurring audit

Identify what has changed since the previous review.

The supplier management process relies on a central vendor register maintained by Procurement, with technology assessments performed before onboarding and at contract renewal…

  • Previous audit available2024
  • 3 process changes detectedsince last audit
  • 2 recommendations remain openfollow-up
  • Stakeholder interview pendingscheduled
  • Suggested risk for auditor reviewawaiting decision

The Prufy Method

A technology risk audit methodology, built into the product.

Context and scope
frames
Processes and systems
expose
Risks
mitigated by
Controls
verified through
Audit procedures
producing
Evidence
yielding
Test results
grounding
Conclusions
formalized as
Findings
driving
Recommendations
tracked as
Action plans

Discovery, working papers, drafts, reports and remediation records are living views of the same audit knowledge.

How auditors work with Prufy.

Understand the audit

01

Build the discovery from interviews, previous audits, policies and current changes.

What are we auditing, how does it work, what has changed and what matters?

Design the audit work

02

Define scope, risks, expected controls, tests and evidence requirements.

Prufy proposes. The auditor decides.

Test and document

03

Manage evidence requests, testing and working papers, with every result connected to its evidence.

No conclusion without traceability.

Conclude and follow through

04

Develop findings, produce deliverables and track action plans until closure.

The audit does not end when the report is issued.

From evidence to finding

Detection is automated. Judgment is not.

01Audit criterion

Policy §4.2 requires quarterly privileged access reviews.

02Evidence

IAM configuration shows an annual review cadence.

03Prufy analysis

Potential control inconsistency detected

04Human decision

Auditor review required.

Review supporting evidenceRequest additional evidenceDismissDevelop finding

05Traceable output

Draft finding connected to 2 sources, 1 control and 1 risk.

Policy §4.2IAM exportCTRL-016 Access reviewsRSK-011 Excessive privileged access

The auditor remains the auditor. Prufy makes them better.

Audit work extends beyond a single engagement.

Auditors run planned audits, urgent reviews and open recommendations at the same time. Prufy keeps all of that work connected in one place.

Audit portfolio

FY 2026
  • IT Supplier ManagementDiscovery
  • Application SecurityFieldwork
  • Logical Access ReviewReporting
  • Security Incident ReviewAd hoc
12 open recommendations3 high-criticality actions due this month

Security by design

Designed for the most sensitive audit work.

Technology audits contain architectures, vulnerabilities, incidents and unresolved findings. Protecting them is a design requirement from day one, not a later addition.

Data isolation

Segregated customer workspaces with no shared audit knowledge.

Access control

Role-based access aligned with how audit teams are organized.

End-to-end traceability

Complete activity trails across evidence, decisions and outputs.

Who's behind Prufy

Built at the intersection of audit, cybersecurity and enterprise AI.

Prufy was founded by Kiyoshi Omaza, a technology risk and cybersecurity professional with first-hand experience across internal IT audit, cloud security and regulated enterprise environments. His career includes Grupo Cajamar, Deloitte, EY, Accenture, NTT DATA and Fujitsu, where he most recently served as Head of Cloud Security.

In 2025, Kiyoshi left Fujitsu to found Theia Craft, the applied AI R&D studio behind Prufy. Theia Craft develops secure and governed AI capabilities for high-trust enterprise environments. Prufy applies that work to a profession Kiyoshi has practised first-hand.

Kiyoshi Omaza

Founder, Prufy & Theia Craft

LinkedIn

Technology risk audit·Cybersecurity·Cloud security·Enterprise AI

Mathematics & Computer Science, UPM