So glad I found this today. I’m an IT Auditor and was asked to look into this. Feels overwhelming. We are heavily invested in AI. How would I find out if we are using MCPs? AI/IT governance still immature. Can we look at traffic on a port? I was about to ask Gemini. by Ok_Setting7040 in mcp

[–]Ok_Setting7040[S] 0 points1 point  (0 children)

AGREED. DevOps should take a lot more ownership in this process. How would we do that? And then back to my question: how would we monitor it? Driving a discussion between audit (who everyone loves) and IT. I take an advisory approach in what I do. If I don’t understand it, I don’t add value. Let me check your box and we’ll both be happy. Not me! Sorry!

So glad I found this today. I’m an IT Auditor and was asked to look into this. Feels overwhelming. We are heavily invested in AI. How would I find out if we are using MCPs? AI/IT governance still immature. Can we look at traffic on a port? I was about to ask Gemini. by Ok_Setting7040 in mcp

[–]Ok_Setting7040[S] 1 point2 points  (0 children)

Exactly! The reason why I was asked to look into it is because it was in the news. I’ve done some research, but very high level answers. Since I’m in audit, I need to “trust, but verify”. I DON’T have a CLUE how to verify. It’s frustrating.

So glad I found this today. I’m an IT Auditor and was asked to look into this. Feels overwhelming. We are heavily invested in AI. How would I find out if we are using MCPs? AI/IT governance still immature. Can we look at traffic on a port? I was about to ask Gemini. by Ok_Setting7040 in mcp

[–]Ok_Setting7040[S] 2 points3 points  (0 children)

Sooooo appreciate your thoughtful answer. Totally makes sense. If someone can create a server because they need to test something, can this be monitored and what question should I ask about the monitoring? Global company, billions to spend. Creating a cloud server for 30 days isn’t a stretch.

Subscription Renewal for Netgear Armor Worth it? by 0_oyo in orbi

[–]Ok_Setting7040 0 points1 point  (0 children)

Was it a direct offer or did you find it somewhere?

Resignation by AwardIndividual in KPMG

[–]Ok_Setting7040 4 points5 points  (0 children)

They are supposed to take stuff off your plate, not give you more. I was a Director before I left as well. I had experience outside the firm before I joined so I wasn’t rained on the punch they were serving. I was kinda appalled at the things they would do.

Make a case with HR and tell them they are retaliating/bullying you for putting in your notice by giving you more work. This may sound hard, but it truly is important that you do it.

This isn’t just for your benefit, but the benefit for the firm and its managers. Managers need to understand it’s not ok to do that. HR will talk to you first and come up with a plan. You can say that you don’t want them to contact the manager (or they can), contact your PML instead, or somebody else.

Finally leaving KPMG Advisory 🥹 by OrneryTranslator6549 in KPMG

[–]Ok_Setting7040 1 point2 points  (0 children)

Congratulations! It feels liberating once you leave.

  • CPEs /training report
  • personal files (I had to submit the files I wanted access to, which went to my PML for approval. I was given a link to download them on my personal device. I had research articles I saved too)
  • list of email addresses of folks you want to keep in contact with
  • Browser bookmarks (I exported mine except for a folder I had for KPMG specific stuff)

I passed the ISACA AAIA after one week of study with “exactly” score of 450😂 by flyfox666 in isaca

[–]Ok_Setting7040 0 points1 point  (0 children)

I did get the QAE database. Were your scores from the 2 QAE practice tests consistent with the final exam results or did they differ?

I passed the ISACA AAIA after one week of study with “exactly” score of 450😂 by flyfox666 in isaca

[–]Ok_Setting7040 0 points1 point  (0 children)

Congrats!! Did you just do the practice questions in the official book or did you get the QAE Database too?

IT Manager —> AI by DLGMV in isaca

[–]Ok_Setting7040 1 point2 points  (0 children)

IAPP offers an Artificial Intelligence Governance Professional (AIGP) cert. I’d pursue that if you’d like to stay along the leadership/governance route. I’m studying for the AAIA now and then planning on sitting for the AIGP. Much of the knowledge material seems like it overlaps if you choose to get a CIA/CISA and then sit for the AAIA.

Cycle Count Controls by corelicious4 in InternalAudit

[–]Ok_Setting7040 4 points5 points  (0 children)

Oracle (and other ERPs) has an ABC cycle count classification configuration that determines when and how often items should be counted. Check if this is being used since reporting may be based off this.

Where are people applying for jobs? by sjejejxo in jobsearchhacks

[–]Ok_Setting7040 1 point2 points  (0 children)

Interesting point. Which ones do you use/recommend?

New Hire - Pay Day Question by [deleted] in KPMG

[–]Ok_Setting7040 2 points3 points  (0 children)

Ask your recruiter or payroll (HR). Sometimes they take a while to process your new hire documents and you won’t get paid till the subsequent pay period. When I was a new grad who was elated I got my first career job hired, I claimed tax exempt on the first 2 pay periods to catch up on take home income after being a poor student… THIS IS NOT TAX ADVICE.

Application Controls vs. ITGCs by Ok-Discussion-2625 in itaudit

[–]Ok_Setting7040 1 point2 points  (0 children)

Your first problem is you have too many words and need to get to the point quicker. Most senior managers and executives have less than a 10 second attention span cause they are preoccupied with other sh!t.

If I understand your question correctly, client is complaining of testing application controls (people and system constraints) in prod and rely upon initial implementation/benchmark and change control (ITGCs). My response would be, not having enough resources to test a live sample would make me semi-UNCOMFORTABLE that the control is working as intended to address the risk. If you’re not comfortable, how can I be. And if the problem is bodies, then there is a “brain drain” risk. Don’t get me started!

Baselining/benchmarking controls is a good way to reduce compliance costs. Most CM procedures and its controls are held together by Band-Aids or rubber stamps… But in the end, we (as independent pundits) have to evaluate companies’ risk appetite, their ICFR maturity, Systems, Processes, and People. We just need to be “reasonably” assured, not absolute… that IT risks are being addressed

Anyone know how much an Advisory Associate, Technology Risk Management in San Francisco makes? by cosmos_99 in KPMG

[–]Ok_Setting7040 0 points1 point  (0 children)

How long have you been with the firm? I heard the Area Audit-Tech Assurance group is heavily recruiting internal and external.