At Cortea, I spent five months as a Product Designer (Intern) designing the screens auditors use to run IT audits with AI. My work covered the full flow: picking the audit type, uploading documents, reviewing AI findings, and generating the final report. Getting those screens right is what determines whether auditors trust the product enough to bring it to real clients.
01 — About the company
Cortea is a Berlin-based startup building software that automates IT audits. Their AI handles the time-consuming parts: collecting documents, checking for compliance gaps, and drafting reports. A certified auditor reviews and approves every step, so nothing ships without a human in the loop.
Headquarters: Berlin · 2023
Frameworks: DORA · ISO 27001
Approach: Human in the loop
Efficiency: ~50% faster audits
02 — What I worked on
An IT audit has a clear sequence: pick a compliance framework to audit against, upload the relevant documents, review the compliance gaps the AI found, then export the final report. The review step is where auditors do the real work: they can mark a gap as not applicable, add comments, or attach an action point before anything makes it into the report. This flow is how Cortea guides auditors through all four stages. I owned three of them (Select, Upload, and Report) from start to finish, and worked alongside another designer on Results.
This is where the auditor picks which compliance framework they're checking against (like DORA or ISO 27001). That choice drives everything else in the audit. The design had to make the options instantly clear.
As auditors upload files, the AI categorises each one in real time, sorting them into types like strategy, policy, or procedure documents. Showing that classification as it happens gives auditors early confidence that the AI understands the material before it starts its analysis.
A table listing every compliance gap the AI reported, each tagged with a confidence score. Auditors can focus on low-confidence findings first, reviewing those most carefully. For each gap, they can add written feedback or remove it entirely if the evidence shows the item is actually compliant. This is the step where the auditor takes full ownership of the results before anything goes into the final report.
Once the auditor signs off on the results, the product generates a summary and a detailed report of the full audit. Both can be exported as Excel or PDF for easy sharing with clients. The language is written for the people receiving it: clear enough for non-technical stakeholders to follow, and specific enough that they know exactly what needs to be fixed to close each compliance gap.
I also worked on shared Figma components used across the product, and joined design reviews with the engineering team.
03 — Design challenge
Auditors are personally responsible for every finding in a report. If the AI gets something wrong and the auditor signs off anyway, that's on them. So every screen had to make the AI's reasoning clear enough that auditors could confidently approve or push back.
The problem
Auditors had to hand confidential client files to an AI, but had no way to see how it read, sorted, or flagged each document.
The response
Two-column view: uploads on the left, AI categorisation live on the right. Auditors can see each document get sorted as it happens, not just wait for a result.
The problem
The AI flags compliance gaps, but not every finding carries the same certainty. Auditors had no way to tell which gaps needed the most scrutiny and which the AI was confident about.
The response
Confidence tags: I proposed tagging each gap with the AI's confidence score. Auditors can focus their review on the gaps the AI was least sure about first, where human judgement matters most.
The problem
The audit report lands in the client's inbox as an Excel or PDF file. They have never used Cortea, and the auditor won't be there to explain it.
The response
Executive summary up front for C-suite readers, plain-language descriptions that don't assume audit knowledge, and compliance charts that make gaps visible at a glance. The report has to work for the CFO skimming the first page and the IT lead reading every line.
"If the AI is wrong, who signed off on it? That's the question every interface decision had to answer."
Trust
Every AI finding needed to show its reasoning. Auditors can't approve something they don't understand, and they can't hand over a report they can't defend.
Speed
Teams run audits under tight deadlines. An audit that took 2-3 business days when done manually was completed in 3-4 hours on the platform. Cutting that time was a concrete product goal.
Control
Auditors needed to be able to correct the AI easily. The AI does the heavy lifting, but the auditor makes every final call. That had to feel real, not like a rubber stamp.
04 — Impact
50+ audit reports delivered
Built on the report template I designed, sent to clients across 5+ audit firms.
7 auditors in beta
Across 3 firms. Their feedback directly shaped what we built.
30+ Figma components
Co-designed from scratch, adopted as the team's shared design system.
All three screens I owned (Select, Upload, and Report) went into beta around week 10 and shipped to production by week 14 of a 5-month internship.
Beta testing with 7 auditors across 3 firms directly changed what we built. Auditors said they couldn't tell what the AI was doing while it processed their files, so we added live categorisation to show each document being sorted as it arrived. They also didn't know where to start reviewing results, so I proposed confidence scores to surface the gaps the AI was least sure about first, giving auditors a clear place to begin.
I can't share the screens publicly because the product is proprietary. The internship is listed on my CV, and a reference is available through Cortea.
05 — Learnings
Learn the domain. Then design for it.
I learned how audits actually work well enough to explain them to someone outside the industry. That made every design call faster and more confident. I stopped guessing what auditors needed.
Design for when AI is wrong, not just when it's right.
Designing with AI means designing for when it gets things wrong: low confidence, edge cases, the auditor disagreeing with a finding. I spent as much time on those moments as on the main flow.
Watch what people do, not what they say they'd do.
I watched an auditor's cursor slow over an AI-identified compliance gap while he read through the reasoning. Something didn't feel right to him. No interview had surfaced that doubt. One hesitation told me more than any feedback session: not every finding the AI flags is equally certain, and auditors needed to see which ones to question first.