{"api":{"name":"api.sb","description":"Business-as-Code surface for Startups.Studio","home":"https://api.sb","docs":"https://api.sb/docs","version":"1.0.0"},"$context":"https://api.sb/$context","$type":"FoundingHypothesis","$id":"https://api.sb/founding-hypotheses/fh%3Acompliance-officers-audit-finding-response%3At-bu%3Av1","links":{"self":"https://api.sb/v1/founding-hypotheses/fh%3Acompliance-officers-audit-finding-response%3At-bu%3Av1","canonical":"https://api.sb/founding-hypotheses/fh%3Acompliance-officers-audit-finding-response%3At-bu%3Av1","pool":"https://api.sb/v1/founding-hypotheses"},"foundingHypothesis":{"id":"fh:compliance-officers-audit-finding-response:t-bu:v1","lens":"AIService","type":"founding-hypothesis","click":{"rubricScores":{"C8_lensFit":1,"C7_magicLensFit":1,"C4_competitorHonesty":1,"C6_crossSlotCoherence":1,"C1_customerSpecificity":1,"C2_problemFrictionRealism":1,"C9_killCriteriaAttestability":1,"C3_approachEngineCoverability":1,"C5_differentiationLoservilleEscape":1},"upperRightLoserville":true},"cellRef":{"id":"work-contexts.org.ai/compliance-officers-audit-finding-response","stableHash":"wcc:compliance-officers:audit-finding-response:document:v1"},"problem":{"slotStatement":"After every audit cycle, the compliance officer spends weeks reconciling findings whose control citations straddle FERC, state PUC, NERC-CIP, and internal-policy jurisdictions — and wet-signature response forms get physically routed to the wrong control owner because the finding's authority scope was never pinned, producing regulator-facing remediation commitments under the wrong regime and invisible regulatory exposure when a state examiner asks who actually owns the control."},"approach":{"oneSentence":"Authority-boundary resolution engine that, the moment a finding is logged, classifies each citation against a utility-specific jurisdiction graph (FERC vs state PUC vs NERC-CIP vs internal SOX-adjacent policy), binds the correct control owner and remediation regime to the finding, and produces a jurisdiction-scoped response packet the CAE can hand to the examiner without re-routing the paper form."},"customer":{"icpShape":"Chief Audit Executive or VP Internal Audit at a CompanyType/company-type-public-utility (investor-owned electric/gas/water utility, 500–5,000 employees, multi-state service territory under FERC + state PUC + NERC-CIP jurisdictions), where the buyer is the Chief Audit Executive (signs the GRC tooling PO with CFO co-sign) and the daily user is the Senior Compliance Officer or Audit Manager who drafts management responses and tracks remediation owners.","beachheadShape":"EarlyAdopterJTBD: multi-jurisdiction investor-owned utilities that failed a recent NERC-CIP or state-PUC audit cycle and have open findings crossing federal/state/internal-policy authority boundaries"},"archetype":"startup-archetypes.org.ai/AIService-Subscription","beachhead":"EarlyAdopterJTBD: multi-jurisdiction investor-owned utilities that failed a recent NERC-CIP or state-PUC audit cycle and have open findings crossing federal/state/internal-policy authority boundaries","competitors":{"substitutes":[{"name":"Wet-signature finding-response form physically routed for control-owner endorsement","category":"manual-bridge"},{"name":"Shared Excel finding-tracker with a 'Regulation' free-text column maintained by the audit coordinator","category":"informal"},{"name":"AuditBoard (CrossComply + OpsAudit modules)","category":"incumbent","uncopyabilityReason":"AuditBoard's data model treats 'framework' as a single-owner taxonomy tag chosen at finding-creation time; the utility-specific case where one finding spans FERC + state-PUC + NERC-CIP simultaneously would require rebuilding its control-library schema and its SOX-pedigree plan-audit integration, which is the exact contract surface that drives its Fortune-500 GRC revenue — integration-depth lock-in."},{"name":"Workiva Wdesk (Audit Management + Regulatory Reporting)","category":"incumbent","uncopyabilityReason":"Workiva's moat is the iXBRL/financial-reporting linked-document graph sold to CFO/SEC-reporting buyers; utility operational-audit findings with NERC-CIP evidence artifacts sit outside its corpus and its sales channel is financial-reporting procurement, not CAE/GRC procurement — distribution-channel mismatch prevents a 6-month pivot to jurisdiction-resolution for CIP."},{"name":"Archer (RSA Archer IT & Security Risk Management)","category":"incumbent","uncopyabilityReason":"Archer is a customer-configured policy platform deployed on-prem or in dedicated cloud; every jurisdiction-graph customization lives inside each utility's bespoke Archer instance, and RSA monetizes the professional-services hours to configure it — shipping a pre-baked FERC/PUC/CIP authority graph as product would cannibalize the SI services revenue that funds the platform (capital-intensity + services-model lock-in)."},{"name":"Fortress Information Security (NERC-CIP audit services)","category":"human alternative","uncopyabilityReason":"Fortress sells billable-hour CIP compliance consulting; their economic model depends on human analysts manually reading findings and assigning authority scope, and productizing jurisdiction resolution would collapse their utilization-based P&L — liability-posture plus services-revenue structure."}]},"studioThesis":"T-BU","killThreshold":{"K":11,"M":70,"N":8,"rubricItemSet":["C1_customerSpecificity","C2_problemFrictionRealism","C3_approachEngineCoverability","C4_competitorHonesty","C5_differentiationLoservilleEscape","C6_crossSlotCoherence","C7_magicLensFit","C8_lensFit","C9_killCriteriaAttestability"],"verdictPolicy":"all-load-bearing-pass-and-overall-ge-X","loadBearingItemSet":["C1_customerSpecificity","C2_problemFrictionRealism","C3_approachEngineCoverability","C4_competitorHonesty","C5_differentiationLoservilleEscape","C6_crossSlotCoherence","C9_killCriteriaAttestability"],"verdictPolicyVerbatim":"KILL unless every load-bearing rubric item passes per workbook AND overall pass-rate ≥ 8/9 (CASCADE.md §4 Stage 9 commit threshold)."},"lifecycleState":"Active","differentiation":{"twoByTwo":{"xAxis":"Authority-boundary handling (single free-text 'regulation' tag ↔ multi-jurisdiction graph that splits one finding across FERC + state PUC + NERC-CIP owners)","yAxis":"Utility regulatory corpus depth (generic GRC framework library ↔ pre-baked FERC Order 693 / NERC-CIP-013 / state-PUC docket taxonomy with control-owner mappings)","winningQuadrant":"Multi-jurisdiction authority graph pre-bound to a utility-specific FERC/PUC/NERC-CIP control-owner taxonomy, so a single finding auto-routes to the correct owner under each regime","loservilleEscape":true,"loservilleQuadrant":"Single-tag 'Regulation' column on a generic GRC framework library — where AuditBoard and Excel finding-trackers sit today, forcing the compliance officer to manually re-route the wet-signature form when the examiner questions which jurisdiction owns the control"}},"unmetRequirements":[],"pricingArchitecture":"usage-meter"},"actions":{},"options":{},"relationships":{"runtimeUnit":"https://api.sb/v1/runtime-units?startupRef=startup%3Afh%3Acompliance-officers-audit-finding-response%3At-bu%3Av1","brand":"https://api.sb/v1/brands?startupId=startup%3Afh%3Acompliance-officers-audit-finding-response%3At-bu%3Av1","listing":"https://api.services/listings?foundingHypothesisRef=fh%3Acompliance-officers-audit-finding-response%3At-bu%3Av1","cell":"https://api.sb/v1/cells/work-contexts.org.ai/compliance-officers-audit-finding-response","thesis":"https://api.sb/v1/theses/T-BU"},"meta":{"level":"L0","scopes":[]},"user":{"requestId":"a0575bba6e9aa8fe","edgeLocation":"a0575bba6e9aa8fe","geo":{"country":"US"},"ua":{"browser":"Claude"}},"references":{"total":0,"limit":25,"page":1,"links":{"self":"https://api.sb/v1/founding-hypotheses/fh%3Acompliance-officers-audit-finding-response%3At-bu%3Av1/references"},"items":[]}}