IT Audit · B2B SaaS · AI-powered

Designing the entry point of an AI audit.

At Cortea, I spent five months as a Product Designer (Intern) shaping how auditors run faster, more precise audits with AI. The setup experience determines whether they trust the product at all.

Role: Product Designer (Intern)
Industry: Audit · B2B SaaS
Duration: Feb – Jun 2025
Designs are proprietary to Cortea and cannot be shared publicly.

01 — About the company

Audits twice as fast, with the highest precision.

Cortea is a Berlin-based B2B SaaS startup building AI-powered audit software. Their platform helps IT auditors and compliance teams cut manual audit effort in half by automating everything from document collection to report generation. During my internship, the platform focused on DORA and ISO 27001.

Their core product principle: Auditor in the Loop™. The AI handles the repetitive work (parsing documents, mapping controls, flagging gaps), but a certified auditor verifies every finding before it lands in the report. Precision without removing the human who is professionally accountable for it.

I joined as a Product Designer (Intern) from February to June 2025, embedded in a small, fast-moving team where design, product, and engineering shared the same room and the same sprint board.


02 — What I worked on

Designing the audit setup flow.

My primary project was the onboarding and setup flow that an auditor goes through before running their first AI-assisted audit. Four interconnected steps, each requiring its own design rationale.

01

Scope definition

Letting teams define which systems, assets, and frameworks are in scope for the audit. The challenge: most users don't know what they don't know yet.

02

Evidence upload

Designing drag-and-drop ingestion for messy compliance artefacts (policies, logs, contracts) and communicating AI processing status without triggering anxiety.

03

AI gap analysis review

A review interface for the AI-generated gap list. Users needed to understand not just what the AI found, but why, and be able to override it when they disagreed.

04

Remediation planning

Translating identified gaps into an actionable task board, assignable to team members with deadlines and audit trail linkage.

Beyond the setup flow, I also contributed to component library work in Figma, ran usability reviews with the engineering team, and iterated on micro-interactions for the evidence status indicators.


03 — Design challenge

Making AI legible to people whose job is accountability.

IT auditors aren't just cautious by personality. They're professionally liable for every finding they sign off on. An AI output that says "14 gaps found" lands very differently from one that shows the document evidence behind each gap and lets the auditor override the AI's conclusion.

The deeper challenge was that I had to learn the domain while designing for it. DORA and ISO 27001 each have their own vocabulary, control hierarchies, and audit logic. I couldn't design legible interfaces for a space I didn't understand. The first two weeks were as much about reading framework documentation as they were about wireframing.

"If the AI is wrong, who signed off on it? That's the question every interface decision had to answer."

Design principle, framed during audit review research

Trust

Every AI output needed a rationale visible at a glance. Confidence without transparency creates liability.

Speed

Compliance teams move fast in audit season. Reducing setup friction from days to hours was a real product goal.

Control

Override affordances were as important as AI suggestions. The human-in-the-loop had to feel real, not ceremonial.


04 — Impact

Shipped into the product. Used by real customers.

The audit setup flow I designed shipped to Cortea's production environment before the internship ended.

The scoping interface was validated with three customer teams during a beta testing round. Their feedback directly shaped the final iteration.

Component patterns I introduced in Figma were adopted into the broader design system, used by the team after I left.

The evidence upload interaction reduced support questions about processing status, tracked via internal metrics.

I can't share the screens publicly. The product is proprietary. But the internship is listed on my CV and reachable for reference through Cortea.


05 — Learnings

What five months in a real startup taught me.

Learning 1

Domain fluency is a design skill.

Understanding DORA audit logic well enough to explain it to a colleague made every design decision faster and more defensible.

Learning 2

AI as material, not magic.

Designing around AI outputs means designing for uncertainty. Confidence levels, fallback states, and override paths aren't edge cases, they're the interface.

Learning 3

Sitting next to users beats presenting to them.

The most useful feedback I got came from watching a compliance officer's mouse hesitate over a button, not from a usability report.

Learning 4

Early shipping is faster learning.

Seeing my design in production within weeks, with real customers using it, compressed the feedback loop in a way that no prototype can replicate.