CONTROLOS · ASK MITIGO

Ask where you're exposed.
Know before your auditor does.

Ask Mitigo is the conversational layer of ControlOS. Ask about any process and it reads across your controls at once — surfacing the weakness forming underneath, and the corrective move, before it becomes an audit finding.

A plain question — "where are my purchasing control gaps?" — comes back as a structured exposure analysis: the specific risk indicators tripping, the business consequence, the exact NetSuite fix, and who owns it. It reasons the way a seasoned controls expert does, grounded in your own control catalog rather than generic advice.

Cross-domain by default
Most tools answer one lens. Ask Mitigo reads process, security, timing, reconciliation, and approval authority together — the way real exposure actually forms.
Predictive, not reactive
It flags where you're about to be exposed — the indicator, the trend, the fraud or material-weakness risk, and the specific corrective step — not a checklist to interpret.
Speaks both languages
Your auditors' language (SOX, COSO) and your system's language — exact NetSuite paths, owners, and thresholds — so every finding is immediately actionable.
SEE IT IN ACTION
Representative analyses from a sample NetSuite environment. Connect your own instance for continuous monitoring on live data.
Ask Mitigo — live preview
Ask Mitigo
Predictive control intelligence for your NetSuite environment
Context loaded: 18 KRIs (4 red) · 56 CCM rules (0 failing) · 26 SoD rules (0 conflicts)
I am looking at my purchasing process and wondering where are my control gaps that I need to be aware of

Purchasing Process Risk Analysis

RED: Critical control gaps in your source-to-pay process create significant fraud and compliance exposure.

TOP PURCHASING RISKS RIGHT NOW

1. Self-Approved Purchase Orders ⚠️ CRITICAL SOX RISK

KRI Alert: NS-KRI-012 shows 5 users can approve POs without spending limits
Business Risk: Unlimited spending authority bypasses budget controls and enables procurement fraud
Immediate Action: Set approval thresholds in Setup > Sales > Sales Preferences > Purchase Orders

2. Vendor Payment Controls Missing ⚠️ CRITICAL FRAUD RISK

SoD Gap: NS-P2P-005 monitors vendor bank detail changes + payment processing conflicts
KRI Alert: NS-KRI-007 shows 3 bills posted without POs (exceeding 2-bill threshold)
Business Risk: Ghost vendor schemes and payment redirection fraud
Immediate Action: Enable three-way matching and vendor approval workflows

3. No Purchase Order Approval Workflow ⚠️ CRITICAL SOX RISK

Control Gap: NS-CFG-020 will flag inactive PO approval workflow when rules run
Business Risk: Unauthorized spending bypasses procurement policies
Immediate Action: Navigate to Setup > Workflow > New Workflow to create PO approval routing

DETAILED PURCHASING CONTROL GAPS

Financial Integrity Risks

Duplicate Vendor Bills: NS-KRI-006 is RED (2 bills detected, breach threshold = 1)
Business Impact: Double payments drain cash flow
Fix: Enable duplicate detection in Setup > Accounting > Accounting Preferences
Bills Without POs: NS-KRI-007 is AMBER (3 bills, warning threshold = 2)
Business Impact: Maverick spending bypasses budget controls
Fix: Enforce three-way matching requirement

Access Control Vulnerabilities

Your purchasing process has several high-risk permission combinations that enable fraud:

NS-P2P-001: Vendor Create + Payment Approval — enables ghost vendor schemes
NS-P2P-003: Vendor Bill Create + Approve — classic AP fraud pattern
NS-P2P-004: Vendor Create + Bill Create — sets up fictitious invoicing
NS-P2P-005: Vendor Bank Edit + Payment Processing — payment redirection fraud

Process Control Weaknesses

Vendor Approval Missing: NS-CFG-006 will flag disabled vendor approval workflow
PO Threshold Bypass: NS-TXN-013 monitors bill splitting to circumvent approval limits
After-Hours Risk: NS-EVT-008 tracks suspicious vendor creation timing

RECOMMENDED REMEDIATION PRIORITY

IMMEDIATE (This Week)

1. Set PO approval limits: Setup > Sales > Sales Preferences > Purchase Orders
Configure dollar thresholds requiring manager approval
Owner: Controller
2. Review vendor bank details: Lists > Relationships > Vendors
Audit recent bank detail changes (NS-KRI-016 shows 1 change)
Owner: AP Manager

SHORT TERM (Next 30 Days)

3. Enable three-way matching: Setup > Accounting > Accounting Preferences
Require PO + receipt + invoice alignment before payment
Owner: Controller
4. Create vendor approval workflow: Setup > Workflow > New Workflow
Route new vendors through approval before activation
Owner: IT Admin + Finance Director
5. Implement SoD controls: Setup > Users/Roles > Manage Roles
Separate vendor creation from payment approval
Separate bill entry from bill approval
Owner: IT Admin

MEDIUM TERM (Next Quarter)

6. Deploy purchase requisition process: Consider SuiteFlow for purchase requests
7. Set up vendor master data governance: Regular vendor file reviews
8. Implement contract management: Link POs to approved vendor contracts

FRAMEWORK COMPLIANCE IMPACT

SOX Controls Affected: 7 of your purchasing-related controls are SOX-relevant

Material weakness risk if self-approved POs continue
Auditors will flag missing three-way matching as a deficiency

COSO Component: Control Activities — your approval workflows need strengthening


Want me to go deeper on any of these findings? I can provide exact NetSuite configuration steps for the immediate fixes, or we can discuss the SoD redesign strategy.

Note: Your CCM rules haven't run yet — connect your NetSuite instance in Connectors > Connect NetSuite to get real-time purchasing control monitoring.

This is sample analysis from loaded controls. Connect your NetSuite instance and Mitigo runs this against your real environment, continuously → Book a walkthrough
Demo · representative output · the live platform monitors your actual environment in real time.