Supergood | TeamMate from Wolters Kluwer API

Programmatically access TeamMate audit engagements, workpapers, findings, risk registers, and remediation workflows with a stable REST API. Supergood builds and operates production-grade, unofficial TeamMate integrations so your team can automate audit processes, feed AI-driven tests, and orchestrate follow-ups without heavy custom engineering.

Plain English: TeamMate from Wolters Kluwer is internal audit management software used by audit departments to plan, execute, and report audits across the enterprise. An unofficial API lets you programmatically pull audit lists, scopes, schedules, risk and controls, workpapers, test results, issues/findings, action plans, and documents—and push new workpapers, test results, evidence, issues, and remediation updates back into TeamMate.

For a tech company integrating with TeamMate, this means you can ingest real-time engagement and risk data to power dashboards, run AI-driven analytics on transactions and controls, auto-create workpapers and issues from exceptions, synchronize remediation to service desks (e.g., Jira, ServiceNow), and keep stakeholder systems (ERP, GRC, analytics, data lake) aligned. You can trigger status updates to auditees, attach evidence from scanners or email inboxes, auto-assign tasks based on workload, and maintain an end-to-end audit trail.

What is TeamMate from Wolters Kluwer?

TeamMate (https://www.wolterskluwer.com/en/solutions/teammate) is a cloud platform for internal audit, risk, and controls management that centralizes audit planning, fieldwork, workpaper documentation, issues/remediation, and reporting across audit teams and business stakeholders. Organizations use TeamMate to perform risk assessments, build audit plans/programs, manage workpapers and test procedures, track findings and action plans, schedule resources, collect evidence, and produce reports—all with robust role-based permissions and governance.

Core product areas include:

• Audit Planning and Engagement Management (Audit Universe, Annual Plan, Engagements, Scopes, Schedules)
• Fieldwork and Workpapers (Programs, Tests, Sampling, Evidence, References)
• Issues and Remediation (Findings, Recommendations, Action Owners, Due Dates, Follow-Up)
• Risk and Controls (Risk Register, Control Library, Assessments, Ratings)
• Resource and Time Management (Assignments, Workload, Timesheets)
• Reporting and Analytics (Dashboards, KPIs, Export, Audit Trail)

Common data entities:

• Organizations, Business Units, Processes, Auditees
• Engagements/Audits (metadata, scope, objectives, status, ratings)
• Workpapers and Tests (procedures, samples, results, attachments)
• Evidence (documents, links, timestamps, provenance)
• Issues/Findings (severity, cause/effect, recommendations, status)
• Action Plans (tasks, owners, due dates, milestones)
• Risk Register (risks, inherent/residual ratings, owners)
• Controls (control descriptions, mappings, effectiveness)
• Users, Roles, Permissions (Auditors, Reviewers, Auditees, Administrators)
• Schedules and Assignments (dates, workloads, approvals)

The TeamMate Integration Challenge

Audit teams rely on TeamMate every day, but turning portal-based workflows into API-driven automation is non-trivial:

• Role-aware governance: Auditors, reviewers, and auditees see different data, states, and permissions
• Workflow fidelity: Workpapers, reviews, issue approvals, and follow-ups have strict state transitions
• Evidence integrity: Attachments, references, and timestamps must preserve chain-of-custody
• Authentication complexity: SSO/MFA and session lifecycles complicate unattended automation
• Risk/control taxonomy: Objects span engagements, risks, controls, and findings with cross-module relationships
• Data distribution: Key context lives across workpapers, test results, issues, and remediation milestones

How Supergood Creates TeamMate APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your TeamMate tenant.

• Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
• Maintains session continuity with automated refresh and change detection
• Normalizes responses so you can integrate once and rely on consistent objects across modules
• Aligns with customer entitlements and role-based permissions to ensure compliant access

Use Cases

Audit Universe & Engagement Sync

• Mirror audit universe items and engagements into your internal systems
• Keep engagement metadata current for analytics and reporting
• Normalize scopes, ratings, and statuses for multi-entity operations

Workpapers & Evidence Automation

• Create workpapers from your audit program templates and AI suggestions
• Upload evidence from scanners, inboxes, or DLP archives with provenance
• Link samples, test attributes, and references; trigger review workflows

Findings & Remediation Management

• Auto-create issues from exception rules and push action plans to ServiceNow/Jira
• Track remediation progress, SLAs, and due dates across owners
• Sync follow-up testing and close-out approvals back to TeamMate

Risk & Control Alignment

• Pull risk registers and control libraries to inform your analytics and testing
• Update control mappings and effectiveness ratings based on test outcomes
• Drive real-time risk heatmaps and dashboards in BI platforms (e.g., Power BI)

AI-Powered Audit Execution

• Feed transactional datasets from ERP (e.g., SAP, NetSuite) into AI models
• Post test results and exception details back into TeamMate with evidence
• Generate narrative summaries and suggested recommendations for reviewer approval

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_tm_29f1c0",
    "name": "Audit Lead",
    "entitlements": ["audits", "workpapers", "issues", "risk_register", "resources"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Audits

GET /audits: List audits/engagements with filters and summary details.

Query parameters

• businessUnitId: string
• auditorId: string
• status: planning | fieldwork | reporting | follow_up | closed
• rating: satisfactory | marginal | unsatisfactory | n/a
• updatedFrom, updatedTo: ISO 8601 timestamps
• page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "engagementId": "aud_7a12c4",
      "name": "Q2 Procurement Audit",
      "businessUnit": "Global Operations",
      "scope": "Purchase-to-Pay",
      "status": "fieldwork",
      "rating": null,
      "leadAuditorId": "u_tm_29f1c0",
      "startDate": "2026-04-01",
      "endDate": null,
      "riskScore": 78,
      "controlCount": 42,
      "issueOpenCount": 5,
      "updatedAt": "2026-04-20T09:31:00Z"
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

Workpapers

POST /audits/{engagementId}/workpapers: Create a workpaper with procedures, sampling, and evidence.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/audits/aud_7a12c4/workpapers \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "title": "Three-Way Match Test",
    "objective": "Validate PO, receiving, and invoice alignment",
    "procedure": "Sample 30 invoices > $10k; verify PO authorization and GRN dates",
    "controlId": "ctrl_P2P_003",
    "sampleMethod": "monetary_unit_sampling",
    "sampleSize": 30,
    "assigneeUserId": "u_tm_41a220",
    "dueDate": "2026-05-05",
    "references": [
      {"type": "policy", "label": "Procurement Policy v5", "url": "https://intranet/policy/procurement-v5"}
    ],
    "attachments": [
      {"fileName": "sampling_plan.pdf", "uploadToken": "upl_0ab93c"}
    ],
    "notifyReviewer": true
  }'

Example response

{
  "workpaperId": "wp_90e412",
  "status": "in_progress",
  "reviewStatus": "not_submitted",
  "createdAt": "2026-04-21T10:03:11Z"
}

Issues & Action Plans

POST /audits/{engagementId}/issues: Create an issue/finding with remediation details.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/audits/aud_7a12c4/issues \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "title": "Missing GRN for high-value invoice",
    "description": "Invoice INV-99231 ($12,430) paid without recorded goods receipt.",
    "severity": "high",
    "category": "process_noncompliance",
    "cause": "Insufficient receiving controls",
    "effect": "Risk of payment for undelivered goods",
    "recommendation": "Require GRN before payment; implement system validation",
    "relatedWorkpaperId": "wp_90e412",
    "actionPlan": {
      "ownerUserId": "u_tm_5b19f0",
      "dueDate": "2026-06-15",
      "tasks": [
        {"taskId": "", "title": "Configure ERP validation", "dueDate": "2026-05-30"},
        {"taskId": "", "title": "Update SOP and train AP", "dueDate": "2026-06-10"}
      ]
    },
    "attachments": [
      {"fileName": "invoice_INV-99231.pdf", "uploadToken": "upl_7fa223"}
    ],
    "referenceId": "svc-now-INC-2981"
  }'

Example response

{
  "issueId": "iss_51af80",
  "status": "open",
  "severity": "high",
  "actionPlanStatus": "in_progress",
  "createdAt": "2026-04-21T11:20:44Z"
}

PATCH /issues/{issueId}/action-plan: Update action plan ownership, milestones, and status.

curl --request PATCH \
  --url https://api.supergood.ai/integrations/<integration_id>/issues/iss_51af80/action-plan \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "ownerUserId": "u_tm_5b19f0",
    "status": "in_progress",
    "dueDate": "2026-06-20",
    "tasks": [
      {"taskId": "tsk_ap_001", "title": "Configure ERP validation", "status": "completed", "completedAt": "2026-06-01T08:10:00Z"},
      {"taskId": "tsk_ap_002", "title": "Update SOP and train AP", "status": "in_progress"}
    ]
  }'

Example response

{
  "issueId": "iss_51af80",
  "actionPlanStatus": "in_progress",
  "dueDate": "2026-06-20",
  "updatedAt": "2026-06-02T12:05:12Z"
}

Test Results (Analytics)

POST /audits/{engagementId}/tests/results: Upload analytics-driven test results and exceptions.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/audits/aud_7a12c4/tests/results \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "testId": "tes_P2P_3wm_001",
    "name": "Three-Way Match Exception Scan",
    "datasetRef": "dlake://erp/ap_invoices/2026Q2",
    "populationCount": 18542,
    "exceptionsCount": 37,
    "resultStatus": "exceptions_found",
    "exceptions": [
      {"recordId": "INV-99231", "description": "No GRN", "amount": 12430.00, "tags": ["missing_grn", "high_value"], "evidenceUploadTokens": ["upl_7fa223"]},
      {"recordId": "INV-10012", "description": "GRN after payment", "amount": 8620.00, "tags": ["late_grn"]}
    ],
    "createdBy": "ai-anomaly-detector",
    "referenceId": "job-run-7841"
  }'

Example response

{
  "testResultId": "tr_7c3d21",
  "status": "recorded",
  "linkedWorkpaperId": "wp_90e412",
  "updatedAt": "2026-04-22T08:15:12Z"
}

Get full API Specs →

Technical Specifications

• Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
• Response format: JSON with consistent resource schemas and pagination across modules
• Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
• Session management: Automatic reauth and cookie/session rotation with health checks
• Data freshness: Near real-time retrieval of engagements, workpapers, issues, risk/controls, and remediation objects
• Security: Encrypted transport, scoped tokens, and audit logging; respects TeamMate role-based permissions
• Webhooks: Optional asynchronous delivery for long-running workflows (e.g., issue approvals, remediation updates)

Performance Characteristics

• Latency: Sub-second responses for list/detail queries under normal load
• Throughput: Designed for high-volume audit data sync and exception/result ingestion
• Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
• Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

2. Supergood Builds and Validates Your API

We deliver a hardened TeamMate adapter tailored to your workflows and entitlements.

3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as TeamMate evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which TeamMate modules can this integration cover?

Supergood supports workflows across commonly used modules such as Audit Planning and Engagements, Fieldwork and Workpapers, Issues and Action Plans, Risk Register and Controls, and Resource Scheduling—subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA and SSO handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.

Q: Can you push analytics test results and attach evidence?

Yes. We normalize test results and exception details, support bulk uploads, and attach evidence via signed uploads with checksum validation and time-limited URLs. We can link results to existing workpapers or create new ones.

Q: Can remediation sync to our service desk?

Yes. We can create issues and action plans in TeamMate while synchronizing tasks to systems like Jira or ServiceNow, maintaining bi-directional status updates and audit trails.

Related Integrations

Intralinks API - Programmatically access the Intralinks VDR with Supergood

Ready to automate your TeamMate workflows?

Supergood can have your TeamMate integration live in days with no ongoing engineering maintenance.

Get Started →