AttestIQA™ — AICPA Automated Verification Compliance Principles
I. Data Completeness
All controls are tested against the full population of applicable records. Population boundaries are defined before testing begins. Exclusions are logged and disclosed in the workpaper. No sampling without documented rationale.
All controls are tested against the full population of applicable records. Population boundaries are defined before testing begins. Exclusions are logged and disclosed in the workpaper. No sampling without documented rationale.
II. Continuous Observation
Technical controls are verified via direct CLI execution by an independent IT Consultant using AuditorReadOnly credentials. Evidence is collected at multiple points during the observation period — not a single point-in-time snapshot.
Technical controls are verified via direct CLI execution by an independent IT Consultant using AuditorReadOnly credentials. Evidence is collected at multiple points during the observation period — not a single point-in-time snapshot.
III. Immutable Logic
Audit test commands are published verbatim in each workpaper via the "View Audit Logic" button. The CPA can inspect the exact query executed for every automated control. Test logic is version-controlled and cannot be altered between evidence collection and workpaper signature.
Audit test commands are published verbatim in each workpaper via the "View Audit Logic" button. The CPA can inspect the exact query executed for every automated control. Test logic is version-controlled and cannot be altered between evidence collection and workpaper signature.
⚠ Practice Alerts
▲ Collapse
✓ No alerts — all engagements are on track.
Total Clients
0
Engagements on file
Active Engagements
0
In progress
Controls Passing
0
Across all clients
Exceptions Found
0
Requiring attention
Client Engagements
Quick Actions
Peer Review Status
Recent Activity
Engagement Progress Board
All engagements by phase
Select a client to open their evidence dashboard and manage their engagement.
Client Engagements
| Client Name | Entity Type | Engagement Period | Status | Controls | Exceptions | Actions |
|---|
Select Client
Select a client to view findings
Report Generation
📄
Section IV
Tests of Controls and Results for CPA workpapers
🤖
AI One-Click Full Report Generation
Compiles all engagement data and generates a complete SOC 2 Type 2 report draft - Sections I, IV, and V - in AICPA AT-C 205 compliant language. CPA reviews and finalizes. Estimated time saved: 8-12 hours per engagement.
📋
Findings Report
Exception detail with management response fields
📪
Letter Templates
Engagement, Bridge, Management, and Representation letters
☑
Compliance Checklists
HITRUST, NIST, HIPAA, Joint Commission
⚖ AICPA Peer Review Requirement
Under AICPA SQMS 1 (effective December 15, 2025), CPA firms performing attestation engagements must be enrolled in an approved peer review program. Peer review must be completed before a firm may issue attestation reports. Failure to maintain enrollment can result in AICPA membership suspension and state board disciplinary action.Authority: AICPA Peer Review Standards | AICPA SQMS 1 | AT-C Section 105.16
🔎 Find a Peer Reviewer
AICPA Peer Review Program — Official enrollment, resources, and requirements CalCPA Peer Review — California Society of CPAs (for California practitioners) AICPA Administering Entities List — Find your state's peer review administrator (PDF)Engagements in scope: The peer reviewer will select a sample of attestation engagements from your current review period. SOC 2 engagements are a common selection target due to their technical complexity.
--
Days until next peer review
Not configured
Review Configuration
Preparation Checklist
Engagements in Current Review Scope
| Client | Engagement Period | Status | Controls | Exceptions |
|---|
Select a client to manage their documents
Generate a Client Portal to send to the client, or import their completed responses.
These checklists map your SOC 2 controls to HITRUST CSF, NIST CSF 2.0, and HIPAA Security Rule requirements. Check each item as you confirm it is addressed by the entity's controls.
Letter Templates
Phase 1 - Onboarding
Phase 2 - Observation
Phase 3-4 - Report Sections
Phase 4 - Closing
Phase 5 - Process Docs
Section V - Other Info
Client
Usage Note: Templates auto-populate from client data. Review all content before use. Have your firm attorney approve engagement and representation letters before sending.
Engagement Letter
License Information
License Key
Current activation
ATIQ-****-****
License Tier
PRO
Client Seats
1 of 25 used
Expiry
--
CPA Firm Profile
Firm Name
CPA License Number
State of Licensure
Session Security
Session Timeout
Auto-lock after inactivity
CPE Credit Tracker
California CPA requirement: 80 hours biennial including 20 hours A&A for attest services. SOC 2 engagements count toward A&A CPE.
Total CPE (biennial)
0 / 80 hrs
A&A Hours (attest requirement)
0 / 20 hrs
💡 SOC 2 engagements count as CPE: Each engagement ≈ 15–25 hours of A&A CPE.
You have 0 engagement(s) ≈ 0 hrs estimated.
AICPA CPE Resources ↗
CalCPA CPE ↗
Log CPE Credit
Regulation Update Notifications
Notification Email
Receive an alert when AICPA issues new SOC 2 or ethics guidance affecting AttestIQA
Data Management
Export All Data
Download engagement files as JSON backup
Import Data
Restore from JSON backup
Data Retention
AICPA standards require audit workpapers to be retained for 7 years.
Account Recovery
Recovery Key
Use this to recover access if you forget your master password
No key generated
Recovery Email (optional)
Used to send a 6-digit recovery code if you forget your key
AI Configuration
Anthropic API Key
Optional — enables AI to draft reports directly in AttestIQA (no copy-paste). Get a key at console.anthropic.com. ~$0.01-$0.05 per generation.
AI Support
Get expert SOC 2 and HIPAA guidance from Claude — available 24/7, no human support required
About
Version
AttestIQA v1.0 - Phase 1
Platform
CPA SOC 2 Type 2 Attestation Suite
Standards
AICPA AT-C Sections 105/205 - SSAE 21
AttestIQA™ v1.1 — CPA SOC 2 Examination Platform | © 2026 Sapphire Healthcare AI, Inc. — All Rights Reserved | Proprietary Software — License Required
What AttestIQA is: A CPA practice management and workpaper platform for SOC 2 Type 2 examination engagements under AT-C Section 205 (SSAE 21). AttestIQA is a tool for licensed CPA firms. It does not perform attestation engagements, set examination scope or timing, determine fees, refer clients to CPA firms, observe audit procedures, or guarantee outcomes. All professional judgments remain exclusively with the CPA.
AICPA Ethics — April 6, 2026 (verified): The AICPA identifies independence threats when CPA firms have business arrangements with SOC 2 tool providers that: shift control of professional judgment; create financial dependency; involve cross-referral arrangements; allow tool providers to observe or influence examination work; set deadlines, fees, or scope; or include non-disparagement clauses. AttestIQA does none of these. CPA firms purchase and control AttestIQA independently. No referral fees. No financial arrangement between AttestIQA and any service organization being examined.
AICPA Code: ET §1.200.001 Independence | ET §1.297 SSAE Independence Standards | ET §1.100.001 Integrity and Objectivity | ET §1.110.010 Conflicts of Interest | ET §1.000.020 Ethical Conflicts | ET §1.000.010 Conceptual Framework | ET §1.210.010 Conceptual Framework for Independence | ET §1.230.030 Determining Fees | ET §1.520.001 Commissions and Referral Fees | ET §1.600.001 Advertising | AT-C Section 205 (SSAE 21) | 45 CFR Part 164 Subpart C | AttestIQA v1.0