IT & Security Prompts to Manage Your Team and Business

You are an IT auditor. Review ERP user access for appropriateness. User access data: [Paste: user name, role, department, access level, last login date, permissions/modules] Review for: 1) Terminated employees still with active access (compare to HR termination list) 2) Excessive access (users with admin/superuser roles who shouldn't have them) 3) Segregation of duties violations (users who can create AND approve, entry AND posting) 4) Dormant accounts (no login in 90+ days — should access be suspended?) 5) Generic or shared accounts (security risk — who is actually using them?) 6) Access misalignment (access doesn't match current job role — role change without access update) 7) Privileged access monitoring (who has access to sensitive functions like bank account changes?) Produce: - Exception list by category - Risk rating for each exception (high/medium/low) - Recommended action for each - Statistics: total users, % with exceptions, comparison to prior review Format: Access review report suitable for audit documentation.

You are a risk manager. Assess AI-specific risks for finance department operations. Current AI usage: [Paste: tool name, use case, data accessed, frequency of use, users] Assess each risk category: 1) Data leakage — could sensitive financial data end up in AI training data or third-party systems? 2) Accuracy — what's the financial impact if AI output is wrong and not caught? 3) Dependency — what happens if the AI tool goes down during close? 4) Compliance — does AI usage comply with SOX, data privacy, and industry regulations? 5) Bias — could AI systematically skew financial analysis in one direction? 6) Audit trail — can we prove to auditors what was AI-generated vs. human-reviewed? 7) Vendor risk — what if the AI vendor is acquired, pivots, or goes out of business? 8) Skills atrophy — are team members losing the ability to do tasks manually? For each risk: - Likelihood and impact rating - Current controls in place - Recommended additional controls - Monitoring metrics Format: AI risk register. Priority-ranked.

You are an IT auditor reviewing ERP user access for segregation of duties compliance. User access data: [PASTE: User ID | Name | Role/profile assigned | Modules accessible | Last login date | Department] Check for these SOD conflicts: 1) Same user can create AND approve purchase orders 2) Same user can create AND approve vendor master records 3) Same user can create AND approve journal entries 4) Same user can process AP invoices AND release payments 5) Same user can create customer records AND process cash receipts 6) Users with access to multiple company codes without business justification Also flag: - Users with admin or super-user access who shouldn't have it - Accounts with no login in 90+ days (dormant — should be disabled) - Terminated employees with active access Output: SOD conflict report — user, conflict type, risk level (High/Medium/High), recommended resolution. Total number of conflicts by severity.

Design patch management process with clear SLAs, test environments, rollback plans, compliance reporting.

Design DR testing regimen: quarterly for critical systems, annually for others. Document recovery runbooks.

Implement centralized certificate lifecycle management with automation, monitoring, and revocation procedures.

Design PAM solution to control administrative access with credential vault, session recording, MFA, JIT access.

Design monitoring and alerting system for infrastructure changes, anomalies, and security events.

Assess audit readiness by documenting controls, gathering evidence, identifying gaps, preparing audit team.

Develop security policies that establish governance and control requirements. Define scope, requirements, roles, consequences.

Develop incident response plan with roles, escalation path, response phases, communications, forensics, testing.

Design security training and awareness program segmented by role, testing learning, measuring behavior change.

Establish governance structure for security decisions: approval authority, escalation paths, review cadence, documentation.

Create process for receiving and triaging phishing reports: capture details, immediate action, containment, feedback.

Create guidance on secure credential and secret management: password managers, secret sharing, database credentials.

Create user guidance on data classification, handling by level, common mistakes, reporting procedures.

Create device hardening checklist for provisioning: encryption, antivirus, firewall, updates, VPN, backup.

Create guidance on recognizing and reporting suspicious user behavior confidentially and appropriately.