L4 Audit Engagement Graph Schema
The L4 audit-engagement graph schema is a typed, multi-directed property graph that models a complete engagement: eleven node types (entity, component, account, assertion, risk, control, procedure, evidence, working paper, finding, personnel) connected by ten edge types (belongs_to, has_account, asserted_by, indicates_risk, mitigated_by, tested_by, produces_evidence, documents, yields_finding, consolidates_with).
Sub-typed enums then refine each node — the seven assertion kinds (existence, completeness, accuracy, valuation, presentation, rights / obligations, cut-off), four risk kinds (inherent, control, significant, fraud), and four finding severities (observation, deficiency, significant deficiency, material weakness) — so the graph stays semantically precise rather than degenerating into untyped JSON. Endpoint-existence and duplicate-edge-id checks are enforced at validation time.
Use this schema as the canonical data model for an audit-data warehouse, a lineage tracker linking findings back to procedures and evidence, or any system that needs to reason about engagement structure.
- Node types
- 11
- Edge types
- 10
- Catalog version
- 0.14
- Standards basis
- ISA, PCAOB AS, IFRS, IIA GIAS (public standards)
{
"assertion_kinds": [
"existence",
"completeness",
"accuracy",
"valuation",
"presentation",
"rights_obligations",
"cut_off"
],
"edge_type_count": 10,
"edge_types": [
{
"describes": "Component to Entity (membership).",
"type": "belongs_to"
},
{
"describes": "Component or Entity to Account (financial-statement line).",
"type": "has_account"
},
{
"describes": "Assertion to Account.",
"type": "asserted_by"
},
{
"describes": "Risk to Account or Assertion.",
"type": "indicates_risk"
},
{
"describes": "Risk to Control (risk is mitigated by control).",
"type": "mitigated_by"
},
{
"describes": "Control or Risk to Procedure (procedure tests the control / risk).",
"type": "tested_by"
},
{
"describes": "Procedure to Evidence.",
"type": "produces_evidence"
},
{
"describes": "WorkingPaper to Procedure or Evidence (WP documents the artifact).",
"type": "documents"
},
{
"describes": "Procedure to Finding.",
"type": "yields_finding"
},
{
"describes": "Component to Entity (consolidation rollup).",
"type": "consolidates_with"
}
],
"finding_severities": [
{
"rank": 0,
"severity": "observation"
},
{
"rank": 1,
"severity": "deficiency"
},
{
"rank": 2,
"severity": "significant_deficiency"
},
{
"rank": 3,
"severity": "material_weakness"
}
],
"framework": {
"isa_refs": [
"ISA 200",
"ISA 230",
"ISA 240",
"ISA 265",
"ISA 315 (Revised 2019)",
"ISA 330",
"ISA 600",
"ISA 700"
],
"model": "L4 typed audit graph",
"validation": {
"duplicate_edge_id_rejected": true,
"endpoint_existence": true
}
},
"node_type_count": 11,
"node_types": [
{
"describes": "Root engagement entity (group parent or standalone auditee).",
"type": "entity"
},
{
"describes": "Subsidiary or component of the group under audit.",
"type": "component"
},
{
"describes": "Financial-statement line item / account balance.",
"type": "account"
},
{
"describes": "Audit assertion applied to an account (ISA 315 framework).",
"type": "assertion"
},
{
"describes": "Identified risk of material misstatement.",
"type": "risk"
},
{
"describes": "Control activity relevant to the audit.",
"type": "control"
},
{
"describes": "Audit procedure (substantive or controls test).",
"type": "procedure"
},
{
"describes": "Audit finding / observation raised during fieldwork.",
"type": "finding"
},
{
"describes": "Working-paper reference.",
"type": "working_paper"
},
{
"describes": "Evidence item obtained or generated during the engagement.",
"type": "evidence"
},
{
"describes": "Audit-team member or client contact.",
"type": "personnel"
}
],
"risk_kinds": [
"inherent",
"control",
"significant",
"fraud"
],
"schema": "audit-graph/v1"
}