A multi-tenant SaaS that runs AI and ML governance audits end to end: scoping, control assessment across eight frameworks, findings, and remediation, backed by a tamper-evident audit trail.
- AI Governance
- NIST AI RMF
- ISO 42001
- GRC
- SaaS
IT Audit · Cybersecurity · GRC
Tech Audit, Cybersecurity and GRC CISA and CISM. ex-Big4. Creating clarity at the intersection of systems, security, and compliance.
currently · MSc IT Auditing and Cybersecurity at Temple Fox School of Business. Open to Tech audit and GRC roles.
A multi-tenant SaaS that runs AI and ML governance audits end to end: scoping, control assessment across eight frameworks, findings, and remediation, backed by a tamper-evident audit trail.
Multi-tenant SaaS for FedRAMP continuous monitoring: POA&M lifecycle, deviation requests, OSCAL deliverables, KEV sync, and tamper-evident audit logs. Next.js 15, Supabase with RLS, SAST / DAST CI.
An AI-assisted IT audit and compliance workpaper platform that runs the full audit lifecycle across SOX ITGC, NIST 800-53, ISO 27001, PCI DSS, and NIST CSF 2.0, with audit defensibility enforced at the database layer.
An open-source tool that maps NIST SP 800-53 controls across overlays and baselines, links each control to its source paragraphs, and visualizes coverage against CSF 2.0.
A web app for IT auditors and GRC teams to build and manage risk registers: a guided assessment wizard, a 5x5 inherent and residual matrix, NIST CSF, ISO 27001 and SOX ITGC templates, and PDF and Excel export.

A Python toolkit that automates the repetitive parts of a security audit: port and service scanning, outdated-software and misconfiguration detection, password-policy checks, log analysis, and network mapping, producing structured, workpaper-ready findings.
Workpapers fail when the next auditor cannot reconstruct your thinking. A seven-section structure that ports beyond audit to engineering postmortems and product specs.
FedRAMP Moderate is 325 controls and a long list of GRC vendors. You can get to a credible readiness statement on a laptop, with three tools, in a few weeks.
Four questions (and three more) I actually ask when reviewing an AI feature. Derived from NIST AI RMF, but written for engineers and PMs, not auditors.
Yirenkyi, William Asare · Magna Scientia Advanced Research and Reviews
Yirenkyi, William Asare · Sarcouncil Journal of Multidisciplinary





I’m a technology auditor and cybersecurity professional with experience across SOX ITGC, IT risk, and platform control reviews. My background includes years of experience at PwC in Risk Assurance and Cybersecurity, followed by independent IT audit work across Windows, UNIX, and core ITGC domains. I combine audit judgment with technical execution, building tools like AuditAI and AuditLens to improve control mapping, evidence quality, and audit defensibility across frameworks such as NIST AI RMF, ISO 42001, SOX ITGC, NIST 800-53, and CSF 2.0. I hold CISA, CISM, Security+, eJPT, and cloud certifications, and I am completing an MSc in IT Auditing and Cybersecurity at Temple University’s Fox School of Business with a 4.0 GPA.