AIDA-MOS — AI for Bulgarian Solo Auditors

So I want you to picture this. It's like 2 in the morning on a Tuesday. You are a solo practitioner.

Right. An independent financial auditor.

Exactly. And sitting on your desk is this absolute mountain of mandatory compliance documentation.

Oh yeah. The worst part of the job.

Right. And you don't have a team of junior assistants to, you know, delegate the heavy lifting to. You are armed with nothing but a blank Word document, a few endless Excel spreadsheets, and a clock that is just mercilessly ticking down.

It's a highly pressurized environment. And what's dangerous about that is how easily your focus gets forced away from what you're actually trained to do.

Which is exercising deep professional judgment.

Right. It just gets swallowed up by pure repetitive administration.

Totally. And that visceral pain point is exactly what we are going to unpack today. Welcome to the Deep Dive.

Glad to be here. We've got a fascinating stack of sources in front of us today. We're looking at a pitch deck, a strategic market analysis, and a product summary for this revolutionary piece of software called AIDA-MOS.

Also known as the AI co-pilot. Yes, exactly. Developed by a Bulgarian tech company called OpenKBS. And to really get to the bottom of this, to see if it's a legitimate breakthrough or just, you know, more tech industry hype, we're doing something a little different today.

Yeah, this should be fun.

We are going to simulate the actual presentation of this product to the IDES board of directors. For certified public accountants in Bulgaria. So for this role play, I am going to take on the role of the enthusiastic OpenKBS team. I'll be pitching this AI as a massive breakthrough for solo practitioners.

And I am going to channel the perspective of the IDES board of directors. So I'll be highly skeptical, fiercely protective of client confidentiality, and definitely demanding rigorous proof of security.

Which is exactly what a board member should do. So let's set the baseline here. The reality of the Bulgarian auditing market right now is stark. About 70% of IDES members practice solo or in micro practices.

That's a huge majority.

It is. And they are losing hundreds of hours manually filling out questionnaires and creating audit samples.

Now, I know what you're thinking. I'm thinking there are already massive professional tools out there for this. Why do we need a custom solution built by OpenKBS?

Right. But here's the thing. Those existing tools were fundamentally not built for the reality of a solo practitioner in Bulgaria.

What do you mean? They're industry standard.

Sure. But they are enterprise-grade systems designed for massive corporate structures. They are incredibly expensive, they're structurally rigid, and crucially, they are entirely in English.

Okay. I see where you're going with this.

Yeah. I mean, if you are auditing a local midsize manufacturing firm in Bulgaria, forcing your entire workflow through a rigid English-language enterprise system creates a massive financial and linguistic barrier.

Right. It's just friction.

Exactly. And OpenKBS recognized this gap. We aren't an academic research lab building, like, theoretical AI models. We build working systems. Think of us like a master builder.

Okay. How so?

We don't invent our own bricks. We use the best materials on the market, like models from Anthropic or OpenAI, and we upgrade them whenever a better one appears.

Look, I get that. But anyone with a laptop can claim they build working systems these days. Independent financial auditing is a heavily regulated profession. I don't need Silicon Valley disruption. I need people who understand compliance. Who exactly is building this? Are these just developers who discovered an API yesterday?

Hardly. The OpenKBS team's background is entirely rooted in high-stakes, low-tolerance environments. Plamen Petrov, for example, has over 20 years of experience and was the AI director at SiteGround.

Okay. That's real tech experience.

Right. And then you have Ivo Stoynovski, who spent years building financial infrastructure for central banks.

Oh, central banks. So zero-trust security is his baseline.

Exactly. And on the operations side, Elena Petrova comes directly from Dext, which is a global platform used by over 12,000 accounting firms. They understand the accounting workflow deeply.

All right. The pedigree is solid. I will give you that.

Okay. What is your biggest fear here as a board member? Lay it on me.

My members are licensed professionals. Our job requires intense critical thinking. My nightmare with AI entering this space is that it's just going to generate a bunch of generic automated checklists.

And you're worried an exhausted auditor will just blindly sign off on them at 2 a.m.?

Exactly. Just to get to sleep. How is your product not just an automated rubber stamp?

That is the exact fear we designed this system to prevent. And we address it through the foundational mantra of the AIDA-MOS architecture.

Which is?

The auditor decides, the assistant assists. The AI does the routine heavy lifting, but the human takes the legal responsibility.

It's a catchy slogan. But in an audit, marketing slogans don't keep you out of trouble with the oversight commission.

Very true.

The Independent Financial Audit Act legally requires a strict sequence of procedures based on the ISA. How exactly does an AI assist without overstepping its bounds and making legal decisions?

By entirely separating the knowledge base from the language model. AIDA-MOS is built on what we call the three layers of knowledge. The first layer is the canon.

The canon. Like the rulebook.

Yes. The absolute bedrock. The ISA standards, the ethics code, and approved methodologies.

But wait, language models hallucinate all the time. If it tries to remember a specific paragraph of the ethics code, it could just invent a rule that sounds plausible.

Exactly. Which is why it doesn't rely on the model's memory at all. AIDA-MOS uses a mechanism called Retrieval Augmented Generation, or RAG.

Let's strip away the jargon for a second. What does that actually mean for the auditor?

Think of it not as the AI taking a closed-book exam, but an open-book test with strict rules. Before the system generates a single word of advice, it physically queries a secure database, pulls the exact text of the ISA standard, and reads it.

So it's strictly anchored to the text. It literally quotes the rulebook.

Precisely. That's layer one.

What's layer two?

Layer two is the IDES institutional template. This ensures uniformity across the board. It means no matter which solo auditor is using the system, the final working papers look standardized and professional.

Which is critical for our quality control inspections.

Exactly. But layer three is where the real mechanics happen. Layer three is the client context.

Meaning the specific client they're auditing.

Yes. Their industry, their unique trial balance, their specific operational risks.

So if I'm understanding this, most off-the-rack software acts like a giant one-size-fits-all funnel. If I have a tiny bakery as a client, the software still forces me to click N/A on 50 questions designed for a multinational tech conglomerate. It's like buying a massive suit and trying to pin it to fit a child.

That is a perfect analogy. But with AIDA-MOS, it's like having a bespoke tailor. Layer three, your specific client's data, actually dictates how the rulebook in layer one is applied.

Okay. I need you to prove that. Don't just list standard numbers at me. Walk me through a real scenario. If I upload a messy trial balance for a local logistics company, what actually happens? Show me the mechanics.

All right. Let's look at the crucial phase of risk assessment based on ISA 315. When you upload that logistics company's data, the assistant analyzes the industry context and the financials. It doesn't just hand you a blank risk register. It proposes a draft. It might say, given the high fuel costs and vehicle depreciation in the trial balance, here are three specific business risks you should consider. But it doesn't finalize them.

Never?

Never. It pauses and waits. You, the human auditor, must review those specific risks. You might reject one, modify another, and approve a third.

So the system is hard-locked until I apply my professional judgment.

100%.

All right.

And once you approve those risks, we move to the math. Let's talk about audit sampling under ISA 530.

Oh, sampling. That is usually where the pain is highest.

Exactly. And this is where the dynamic nature really shines. Because you approved specific risks in the previous step, the assistant now dynamically builds your sampling model — let's say a Monetary Unit Sampling, or MUS, model.

And just for anyone listening who isn't deep in the weeds, MUS is a statistical method that gives heavier weight to larger financial balances. It's incredibly tedious to set up manually.

But AIDA-MOS automatically configures the sample size and the parameters based entirely on the specific risks you legally locked in during the previous step.

I see. So the interface actually morphs based on my prior decisions.

Yes. It's a chain of causality. Every step drafts the next. But nothing moves forward without your explicit click of approval. You take the legal responsibility. The machine does the heavy lifting. Right down to drafting the final opinion report under ISA 700.

Exactly. It drafts, you judge.

Okay. That sounds incredibly efficient.

But your explanation just led us right into a massive trap. And as a board member, this is where I drop the hammer.

Uh-oh. Let's hear it.

You just told me that the AI analyzes my client's raw trial balance to dynamically generate risks. That means I am feeding highly sensitive, strictly confidential financial data into an AI model. Client confidentiality is the absolute bedrock of our profession.

I completely agree. We categorically cannot and will not allow our members to paste their clients' invoices and ledgers into a public chatbot so that some tech giant in California can use it to train their next global model.

How is this not a massive data leak?

It's the most important question you could ask. And the answer is entirely architectural. First, AIDA-MOS is not a public chatbot. You are not going to a public website and pasting data.

Okay. Then how does it work?

Our system operates through a highly secure corporate European proxy.

Look, "corporate European proxy" is just a bunch of technical buzzwords. Explain the mechanism to me. How does it protect the data?

Fair enough. Let's use an analogy. Imagine a secure airlock on a submarine. When you upload a trial balance, it doesn't go straight to the AI model. It goes into this secure airlock.

And what happens in the airlock?

Our system mathematically obfuscates the data. It strips out names. It turns specific financial figures into tokenized ratios. It sends that anonymous mathematical logic to the AI model.

So the AI never sees John Doe's logistics firm?

Never. It just processes the raw mathematical relationships, sends the logic back into the airlock, and our system reassembles it on your secure side.

What about the tech giants?

The contracts in place explicitly forbid any of this tokenized data from being used to train public models.

So the AI is essentially solving an equation blindfolded, and my system puts the names back on the variables once the answer comes back.

That is exactly right. And let's talk about where that airlock physically lives, because data sovereignty is crucial here.

Yes. Where is the data actually sitting?

The entire infrastructure runs on an isolated AWS account, physically located in the Frankfurt region. The data never leaves the European Union.

Wait. Back up. What do you mean by an isolated account?

I mean we practice true data sovereignty. Your data isn't sitting in a massive shared database next to data from 1,000 other companies. The entire IDES platform lives in its own dedicated, fenced-off cloud environment.

Really? Just for us?

Yes. In fact, there is zero vendor lock-in. If the Institute decides tomorrow that they want total control, that entire Frankfurt account can be legally and technically transferred directly to IDES. You hold the keys.

So it's not like renting a storage unit in a massive warehouse where someone could accidentally walk into my unit.

No. Instead, we built a private vault, handed you the only combination, and said you could move the vault itself whenever you want.

Okay. I like the sound of that. But what about the actual security of the vault?

It's bank-level. We're talking AES-256 encryption when the data is sitting still and TLS 1.2 encryption when it's moving. We maintain automated point-in-time recovery backups across three different zones, going back 35 days.

So even if a server physically burns down, your audit files are secure and recoverable.

Exactly.

All right. The zero vendor lock-in concept and the dedicated Frankfurt vault address my immediate fears about data scraping, but the world is changing rapidly. We are facing a tsunami of incoming European regulations. The EU AI Act is terrified of exactly this kind of technology. And we have the NIS-2 cybersecurity directives to comply with. If we adopt this, aren't we just painting a massive regulatory target on our backs?

This is where the story takes a really fascinating turn. The European AI Act doesn't restrict the architecture of AIDA-MOS — it actually legally requires it.

What? That's a bold claim. Explain the mechanics of how the law requires your software.

Let's look at the text. Articles 14 and 26 of the EU AI Act explicitly mandate human oversight for high-risk AI systems. That principle we discussed earlier — the auditor decides, the assistant assists — isn't just a catchy phrase. It is the literal technical execution of Article 14. Because the system physically locks you out of the next phase until you apply your professional judgment.

Exactly. It systematically proves human oversight. Proving it to myself is one thing. Proving it to the KPNRO, the State Oversight Commission that inspects auditors, is another. They want to see the paper trail.

Exactly. They don't care about my intentions. And that brings us to Article 12 of the AI Act, which requires absolute traceability. AIDA-MOS maintains an immutable, cryptographically secure audit log.

Wait, what exactly is it logging?

Behind the scenes, the system is recording a massive ledger. It records exactly who generated a draft, at what exact millisecond, which specific AI model and prompt version was used, and exactly what the human auditor altered and approved.

Oh, wow. So when the KPNRO inspector sits down at your desk, you don't just say, "I oversaw the AI." You hand them an airtight digital ledger, proving you were the ultimate arbiter of every single decision.

Okay. An automated, immutable paper trail that complies with Article 12. That actually turns a regulatory nightmare into a massive defensive shield during an inspection.

Precisely.

And regarding the NIS-2 cybersecurity directives, that isolated, encrypted vault in Frankfurt we just talked about completely covers the stringent requirements for incident reporting, business continuity, and risk management.

Okay, let's pivot to the market reality. Let's say you've convinced me on the tech and the compliance. But why shouldn't our members just stick with what they know? Caseware has been the industry standard for years. DataSnipper is fantastic for matching evidence in Excel. And MindBridge is incredibly powerful for analyzing anomalies. Why gamble on a local Bulgarian startup?

Because the reality of a solo practitioner in Bulgaria is fundamentally different from a massive firm in London or New York.

I mean, sure, but the tools still work.

Yes. Caseware and TeamMate Plus are incredibly mature, powerful platforms. But they are heavy. They are rigid. And they force you into endless standardized forms.

True. They often feel like fighting with an incredibly expensive digital filing cabinet.

Exactly. And DataSnipper is a phenomenal tool, but it requires steep minimum license purchases. A solo practitioner or a two-person micropractice cannot afford to buy a 10-seat enterprise license just to get access to automated Excel matching.

That's a fair point about the licensing. And MindBridge?

Brilliant at population analytics, but it doesn't draft your working papers or build your final report. AIDA-MOS is built specifically for the workflow of the Bulgarian auditor.

Because it's tailored to our specific laws.

Yes. Deeply integrated with the ISA methodology. But crucially, it speaks native Bulgarian. It generates your mandatory documentation according to the exact nuances of local legislation.

That language barrier really is a massive friction point that enterprise tech companies constantly ignore.

Why force a local expert to translate their mind into a rigid English enterprise tool when you can give them a dynamic, native-speaking assistant?

And frankly, the Institute is ready for this. We are already transitioning to environments like Microsoft SharePoint. Just recently, IDES signed a memorandum of understanding with the ACCA, signaling a serious push toward modern standardization. We definitely have the momentum.

Which brings us to the core value proposition for the Institute itself. If IDES adopts a system like AIDA-MOS, you achieve total standardization.

Right, because everyone is using the same baseline.

Exactly. When every single solo auditor is generating working papers that follow the exact same high-quality institutional template, the quality control checks you have to perform as an Institute become vastly easier, faster, and more objective.

And to make sure this fits every working style, I saw in the sources there are two different delivery models controlled by fair-use limits.

Yes, exactly. There's Form A, which is the assisted audit file. That's where the AI assistant is with you end-to-end, from the engagement letter all the way to the final report.

Spot on. And then there's Form B, the help desk by phase. So if I'm an auditor who only wants help on the really gnarly stuff, like calculating materiality or setting up the MUS sample, I can just drop in, use the AI for that specific phase, and jump out.

Exactly. It doesn't force you into an all-or-nothing relationship with the software. It respects your autonomy as an expert. It removes the friction, handles the administrative burden, and lets you focus entirely on the professional judgment that you spent years studying and getting licensed to provide.

Which leaves us with a truly fascinating, almost philosophical point to close out this deep dive.

Yeah, I love this part.

As you mentioned earlier, the European AI Act is rewriting the rules. But specifically, Article 4 mandates AI literacy across professions by 2025.

Right. It's no longer just an optional upgrade for tech-savvy firms. It's becoming a baseline legal requirement to understand how these systems work.

It's a massive paradigm shift.

It really is. And if you are listening to this, I want you to mull over this final thought.

Go for it.

If a highly regulated, intensely scrutinized institution like IDES successfully pulls this off — if they manage to codify their entire professional standard into a dynamic AI agent — we're creating an environment where the machine does the exhausting, repetitive labor, but the human being is cryptographically proven to be the ultimate judge and bearer of responsibility.

Does this set the blueprint for every other regulated profession?

It's the ultimate proof of concept.

Right. I mean, think about lawyers drafting complex litigation. Think about doctors diagnosing rare illnesses. Think about structural engineers signing off on bridge schematics. It changes everything.

What OpenKBS and AIDA-MOS are trying to prove is that AI isn't arriving to replace the expert. That's a myth. AI is arriving to elevate the expert, stripping away the noise so that the human being can truly operate as the absolute and final arbiter of the truth.

And it brings us right back to that solo auditor at 2 a.m.

Exactly. Only this time, the Word document isn't blank. It's fully drafted, dynamically customized to the client, perfectly aligned with the law, and just waiting for the critical eye of a rested, focused professional to review it, approve it, and go home.

And that is the power of a working system. Beautifully said. Thanks for joining us on this deep dive. We'll catch you next time.