Public analysis on AI governance, auditability, evidence, and control design.
Findings, open questions, and proof-of-thinking where traditional assurance assumptions begin to strain.
2026 The Register Opens · The Live Node Begins5 ENTRIES
2026.06 FINDING The Audit Framework Nobody Has Written Yet → ● DRAFTED 2026.06 OPEN When Risk Moves Inside the System + UNDER REVIEW AI risk is not sitting only at the perimeter. It lives inside model behavior, training data, user interaction, and design decisions made long before audit scope begins. What does governance need to see when the risk surface is embedded inside the system itself?
2026.05 OPEN When Governance Was Designed for a Different Kind of System + UNDER REVIEW Most control frameworks assume predictable behavior: the same input produces the same output. What happens to evidence, testing, and accountability when that assumption no longer holds?
2026.05 OPEN When the Program Has to Be Built, Not Inherited + IN PROGRESS A framework is something you inherit. When there is nothing to inherit — no precedent, no settled standard, no prior audit to lean on — where does credible governance start?
2026 → CAREER AI Governance — control logic for AI-enabled systems where traditional assurance assumptions start to strain ● LIVE
THE ACCUMULATION Concurrent · Still in Service8 ENTRIES
ACTIVE RECORD Zero PCAOB Inspection Findings — across every engagement selected for inspection ✓ STANDING
ACTIVE RECORD Scrutiny Contexts — where the work has had to hold up + ✓ STANDING Public-company and SEC-regulated issuer environments · PCAOB inspection-sensitive audits and ICFR programs · SOX 404(b), ICFR readiness, and SEC issuer control environments · FFIEC and NIST-aligned cybersecurity assessments · Regulator-driven audits · Board, Audit Committee, C-suite, CAE, CFO, Controller, and external auditor reporting.
ACTIVE RECORD Operating Range — where the work spans + ✓ MAPPED Operates across AI governance · IT SOX and ICFR architecture · governance infrastructure · technical risk programs · product and engineering governance · enterprise controls.
ACTIVE RECORD Control & Technology Range — compact scope, not resume prose + ✓ MAPPED GRC workflow and control library design Identity, access, SOD, and privilege governance ERP and post-implementation reviews Cloud migration and revenue platform controls Automated controls, ITACs, key reports, and IPE System implementation risk and remediation design
ACTIVE CAREER Architecture · Program Build-Out — IT SOX methodology, standards, templates, training, and operating rhythm from the ground up
ACTIVE CAREER Pattern · Consulting — pattern recognition across complex, regulated environments
ACTIVE CAREER Discipline · External Audit — evidence, ICFR discipline, and scrutiny standards
2000–07 CAREER Source · Operations — India — risk inside real business processes SOURCE
—— register opens · the accumulation precedes the record