NquiringMinds Ltd

NQM Financial Audit Analytics

Financial audit analytics (FAA) applies artificial intelligence insight to the audit process. FAA can remove the drudgery of manual audit processes and provide high-level insights by sampling trends from the entire transaction population, intelligently transforming the audit process.

Features

  • Combine and reconcile data feeds (POs, invoices, payments etc.)
  • Optional integration with third parties, e.g. Companies House
  • Auto reconcile disclosure accounts
  • Advanced trend analysis
  • Anomaly detection across transaction sets
  • Extensible with custom analysis
  • Novel transaction sampling regimes
  • Automatic transaction lifecycle assembly
  • Holistic analysis across entire transaction set

Benefits

  • Automate repetitive tasks to reduce auditors' burden
  • Focus auditing activity on higher risk items
  • Upskill audits with advanced AI/ML and statistical tools
  • Better fraud/data error detection
  • Holistic analysis across the full transaction population
  • Benchmark accounts against industry norms

Pricing

£2,000 to £3,800 an instance a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick@nqminds.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

588491472018211

Contact

NquiringMinds Ltd Nicholas Allott
Telephone: 07714145711
Email: nick@nqminds.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
NquiringMinds Trusted Data Exchange, secure analytics platform
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
N/A
System requirements
N/A

User support

Email or online ticketing support
Email or online ticketing
Support response times
2 hours - Mon-Fri 8-6
5 hours all other times
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
User testing
Onsite support
Yes, at extra cost
Support levels
Basic support provided in the original package

Enhanced support (on site/one to one tutorials etc) provided at £100/hour
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The system is fully documented with examples, videos and walkthroughs.

Training can be provided either online or physically.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be downloaded from the system at any time.

By default, CSV and JSON formats are supported. New formats can be provided on request.

In addition to the built-in export functions, the APIs provide the ability to create customised export and synchronisation functions.
End-of-contract process
The customer is reminded at 3 months and 1 month before contract termination.

If the customer does not want to renew, they are advised to take the necessary data exports.

An API is provided, and support can be requested for customer-specific data extraction.

At 2 weeks before contract termination, we provide a shutdown checklist to the customer for approval.

On contract termination, we initiate the service shutdown, which includes data removal, data deletion and full wipe of dependent hardware.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Minor formatting to improve user experience
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Service interface provides a user interface for back end administration functions as well as full programmatic API access
Accessibility standards
WCAG 2.1 A
Accessibility testing
The service has been tested by users of assistive technology across its customer base to ensure ease of use.
API
Yes
What users can and can't do using the API
We provide a full API that gives secure, permission-based access to every aspect of the platform's function.

Multiple APIs exist: Open API, native language APIs (JavaScript, C, Python etc.), streaming and gRPC APIs
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Through the API, almost any customisation can be performed, including:

- new user interface
- imports/exports data
- data synchronisation
- integrated external authentication server
- new analytics process
- new data storage
- interpretation external applications
- new workflows

Access to API is controlled by the administrator through API tokens

Scaling

Independence of resources
Each customer is provided with their own server instance.

Analytics

Service usage metrics
Yes
Metrics types
Data is stored on every aspect of service usage for both security and administration purposes.

This information can be provided in raw form or higher level analytics as a report or dashboard or alert.

It can cover things such as which service was used, how long it was used for, when it was used, processing required, data accessed etc.
Reporting types
  • API access
  • Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported in CSV or JSON formats. These tools are built into the platform.

Through the API new export formats can be provided. And/or more sophisticated backup or extraction processes.
Data export formats
  • CSV
  • Other
Other data export formats
JSON
Data import formats
  • CSV
  • Other
Other data import formats
JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We aim to provide 99.9% availability across our application portfolio and historically have achieved this figure.

If we fail to meet this objective within any calendar month the customer can apply for a commensurate refund.
Approach to resilience
Underlying physical availability is provided by an appropriately configured commercial cloud-based provider (typically Azure or AWS).

At a software level we can provide clustering, replication and round robin allocation of resource requests.

Precise resilience requirements can be negotiated with the end customer.

Full details on request.
Outage reporting
We provide all of:
- data dashboard
- API
- email alerts

System availability is measured both through the end application availability and health checks on all dependent underlying processes

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
Access restrictions in management interfaces and support channels
Every user is authenticated by known and trusted authentication provider and is provided with an appropriate authorisation level.

This authorisation level determines which services they have access to.

This authorisation is fine-grained, allowing access to micro service definitions. The authorisation levels can be grouped into common authorisation roles.

Any user requesting support/management out of band (e.g. phone) will have to provide appropriate authentication credentials to access service
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
We are Cyber Essentials Plus certified and are seeking to secure ISO/IEC 27001. We are putting in place the necessary governance to achieve this standard.
Information security policies and processes
Reporting flow
- internal /external report
- Chief Security Officer
- Chief Executive Officer

We are currently Cyber Essentials Plus certified and initiating ISO 27001 certification.

We have in place the following policies
- Vulnerability disclosure
- Data breach
- Business continuity
- Data retention
- Incident handling
- Device onboarding/life cycle
- Employee onboarding/life cycle
- Firewall and systems access
- Secure development

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes to configuration/change management are signed off by two appropriately qualified personnel.

All changes and processes are reviewed monthly by our chief security officer.

Vulnerability checks are run against our underlying software components continuously using online tools

Full security policy documents can be provided on request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our vulnerability threat analysis comes from four primary dimensions

- underlying compute platform
- dependent software components
- employee
- external software attack

Systems exist for real time behavioural analysis for the underlying platform and employee behaviour, with appropriate alerting and escalation.

Continuous threat analysis is performed on underlying software components.

Additionally, we monitor the relevant CERTs for vulnerability reports.

Full security policy documents can be provided on request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The platform supports an integrated system log that aggregates relevant logs across component behaviour, network behaviour and user behaviour.

An alerting system is defined that includes both explicit rule-based alerts and statistical/ML-backed anomaly detection.

Alerts are evaluated by the internal security team, escalating to our CSO as required.

Full security policy documents can be provided on request.
Incident management type
Supplier-defined controls
Incident management approach
Incidents can be reported internally, externally or by paying users.

Incidents can be reported by email, phone or web interface.

Standard forms and triaging processes exist to streamline reporting and level one handling.

Incident reports can be extracted in multiple formats using built-in tools.

Full security policy documents can be provided on request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
Other
Other public sector networks
  • Local authority services
  • Other available on request

Social Value

Fighting climate change

The service will be delivered in accordance with Nquiringminds environment policy. This includes a commitment to minimise our impact on the environment and work towards net zero greenhouse gas emissions. The policy shapes our decisions relating to purchasing, suppliers, energy use, travel/commuting and waste.
Covid-19 recovery

The service will be delivered in accordance with Nquiringminds Social Value Policy. This includes a commitment to: 1) Support the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services. 2) Improve workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.
Tackling economic inequality

The service will be delivered in accordance with Nquiringminds Social Value Policy. This includes a commitment to: 1) create employment and training opportunities for those who face barriers and from deprived areas and support training that addresses skills gaps. 2) support innovation and disruptive technologies throughout the supply chain. 3) take action to identify and manage cyber security risks.
Equal opportunity

The service will be delivered in accordance with Nquiringminds equality policy. This includes regular reviews to ensure equality for all staff in recruitment, employment, skills, progression and benefits. During any contract we will actively pursue its purpose to provide equality, fairness and respect for all employees and promote our working environment with dignity and respect for all.
Wellbeing

The service will be delivered in accordance with Nquiringminds Social Value Policy. This includes a commitment to: 1) support the health and wellbeing of the workforce. 2) demonstrate collaboration with users and communities in the codesign and delivery of services.

Pricing

Price
£2,000 to £3,800 an instance a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Free access: demo access is available using synthetic data sets.

A 12-week £10k rapid trial can be arranged, which is discounted against future service fees.

This cost includes a bespoke client assessment, data processing and data import/integration costs (subject to the client making data and processes available).
Link to free trial
Demos can be found on https://nquiringminds.com