For fractional CFOs · internal auditors · compliance officers · family offices
Stop emailing client data to ChatGPT. Build a local-first, audit-grade AI workflow your board, your regulator, and your client confidentiality agreements can defend.
Plus the project-start prompt that produces an auditable stack in 5 minutes. Free, no credit card.
The problem
The fastest-growing use of AI in finance and audit isn't on a slide deck — it's in personal email. Workpapers, client P&Ls, advisor notes, all routed through consumer LLMs because the in-house tools aren't ready and the deadlines are.
This works until it doesn't. When the auditor asks for your AI usage policy. When a regulator subpoenas your prompt history. When your engagement letter says "client data will not be transmitted to third parties for model training" and the AI provider's TOS says it will.
You don't have an AI problem. You have an AI governance problem. And the tools selling you a fix mostly sell you slides.
From the field — 2026
"Internal auditors are emailing workpapers to their personal email addresses to use ChatGPT for creating findings."
— Internal Auditor magazine (IIA), April 2026
"In compliance, a hallucinated requirement is not merely embarrassing — it can lead to misallocated resources, false assurance, or genuine regulatory breaches."
— AI for Compliance Officers Guide, 2026
"Family offices must understand what AI tools are doing with their data, how it's leveraged, and whether their data is used to help train other people's results."
— Plante Moran AI Governance Framework, March 2026
"Set rules that prevent the assistant from sharing one client's data in another client's context."
— AI Prompt Engineering Guide for Fractional CFOs, 2026
Every one of these problems has the same root cause: AI without an audit trail.
The method
Most AI prompt templates tell the AI what to produce. We teach you how to govern the production.
The Project-Brain pattern separates three things consumer chatbots blur together:
When your CAE, your client, or your regulator asks "what did your AI do, and why?" — you have a row.
A taste of the method
You paste this once. The AI sets up the project brain, the handoff file, the runner that hashes every prompt, and the no-touch boundaries — before producing a single line of your deliverable.
```text
# Project Start Prompt — LITE

You are helping me start a serious AI-assisted project. Do not begin by producing the final deliverable. First, build a small local workspace that gives me an audit trail and survives across chat sessions.

## 1 — About this project
- Name: [PROJECT NAME]
- Goal: [What "done" looks like]
- OS: [macOS / Linux / Windows]

## 2 — No-touch list
You may not:
- request or store credentials, API keys, or .env contents
- access files outside the project folder
- delete, overwrite, or publish without my approval
- generate the full final deliverable on the first turn

## 3 — Create this local layout (cross-platform paths only)
[PROJECT NAME]/
  README.md
  HANDOFF_LATEST.md
  project_master.db
  schema.sql
  init_db.py
  runner.py
  docs/decisions/
  outputs/

## 4 — Project brain: 3 audit tables in SQLite
decisions — what did we decide and why?
work_log — what did the AI actually do?
handoff_registry — what state did we hand off between sessions?

## 5 — Hash every interaction (SHA-256)
## 6 — Cross-platform commands (bash AND PowerShell)
## 7 — Proceed with patch #1 only
```
The full version, with 6 tables, red-team gating, idempotent migrations, and three domain variants, ships with the course.
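As an added illustration (not the course's own schema.sql or runner.py), here is one way sections 4 and 5 of the prompt could look in Python with SQLite. The column names and the chaining of each work_log row to the previous row's hash are assumptions made for this sketch; the prompt itself only names the three tables and SHA-256.

```python
import hashlib
import json
import sqlite3
from datetime import datetime, timezone

# Assumed columns; the page names only the three tables.
SCHEMA = """
CREATE TABLE IF NOT EXISTS decisions (
  id INTEGER PRIMARY KEY, ts TEXT NOT NULL, decision TEXT NOT NULL, rationale TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS work_log (
  id INTEGER PRIMARY KEY, ts TEXT NOT NULL, action TEXT NOT NULL,
  prompt_sha256 TEXT NOT NULL, response_sha256 TEXT NOT NULL,
  prev_row_sha256 TEXT NOT NULL, row_sha256 TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS handoff_registry (
  id INTEGER PRIMARY KEY, ts TEXT NOT NULL, handoff_sha256 TEXT NOT NULL, summary TEXT NOT NULL);
"""
GENESIS = "0" * 64  # prev hash used for the first work_log row

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def init_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def _row_hash(prev, ts, action, prompt_hash, response_hash):
    # JSON list gives an unambiguous serialization of the hashed fields.
    return sha256_hex(json.dumps([prev, ts, action, prompt_hash, response_hash]))

def log_interaction(conn, action, prompt, response):
    """Record one AI interaction; only hashes are stored, never the text itself."""
    last = conn.execute("SELECT row_sha256 FROM work_log ORDER BY id DESC LIMIT 1").fetchone()
    prev = last[0] if last else GENESIS
    ts = datetime.now(timezone.utc).isoformat()
    p, r = sha256_hex(prompt), sha256_hex(response)
    row_hash = _row_hash(prev, ts, action, p, r)
    conn.execute("INSERT INTO work_log (ts, action, prompt_sha256, response_sha256,"
                 " prev_row_sha256, row_sha256) VALUES (?,?,?,?,?,?)",
                 (ts, action, p, r, prev, row_hash))
    conn.commit()
    return row_hash

def verify_chain(conn):
    """Return the id of the first altered or out-of-order row, or None if intact."""
    prev = GENESIS
    rows = conn.execute("SELECT id, ts, action, prompt_sha256, response_sha256,"
                        " prev_row_sha256, row_sha256 FROM work_log ORDER BY id").fetchall()
    for rid, ts, action, p, r, stored_prev, stored in rows:
        if stored_prev != prev or _row_hash(prev, ts, action, p, r) != stored:
            return rid
        prev = stored
    return None
```

Because each row's hash covers the previous row's hash, editing or deleting an earlier entry breaks verification from that point on; the chain does not protect against someone who can rewrite the whole table, so the latest row hash should also be recorded somewhere outside the database.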
Free, this week
Self-paced video. You'll leave knowing exactly how an audit-grade workflow differs from a chat session, and which three files you need to start.
A ~30-line copy/paste prompt for Claude or ChatGPT. The AI sets up a SQLite project brain, a handoff file, and a runner that hashes every prompt. Works on macOS, Linux, Windows.
A one-page PDF mapping each table in the Project-Brain to a specific audit question you'll be asked. Bring it to your next AI committee meeting.
Built for
You're being told to use AI without a defensible methodology. This is the methodology.
Every output that informs a compliance decision must be verifiable. Hash logs and red-team gates make that automatic.
Local-first means client data never leaves the family office. The principal can see every prompt sent.
Cross-client data leakage is your biggest liability. Per-project folders and explicit no-touch boundaries enforce confidentiality by design.
Honest about what this is
This isn't a prompt-engineering course. It's not a tour of LangChain or CrewAI or AutoGen. It's not a course on AI policy slides. It's a hands-on workshop on building a local, auditable workflow you control — using Python, SQLite, Markdown, and your terminal.
You don't need to write Python from memory. You do need to be able to paste a command into a terminal and read the result.
Get it
One email per week, max. Unsubscribe anytime. No "AI hustle bro" content, ever.
By submitting you agree to receive emails from auditgradeai.com. We never share or sell your address.
About
I've spent [N] years as the primary digital builder across [your prior roles] — the person on the team who actually builds the tooling everyone else uses. I've shipped governance-grade SQLite systems in production for complex multi-source research workflows before AI made any of this fashionable.
I built this course because I kept watching smart finance and compliance people email client data to ChatGPT, knowing it was wrong, knowing there had to be a better way. There is. This is it.
Email: kirk@auditgradeai.com
LinkedIn: [your LinkedIn URL]